OT: security of make as authorized_keys command
John Summerfield
debian at herakles.homelinux.org
Tue Jan 1 23:49:45 UTC 2008
Dave Burns wrote:
>
>
> What if a bad guy does get my key? Then I see three possible problems:
>
> 1) somehow use make's -F switch in ssh command to change Makefiles?
> 2) stack overflow of make or ssh?
> 3) Somehow put extra command after make target using ';' or something?
>
> And obviously the bad guy can invoke any of the targets in my
> makefile, but I've made them pretty innocuous.
>
> So, should I seriously worry about any of these potential problems?
> Any other holes I haven't thought of?
>
> The motivation for all this is some cron jobs I want to run, obviously
> calls for a passwordless ssh key, but I want to put some limits on it.
I'm completely confused as to the whys and wherefores of what you're
trying to do, but for the ungodly to do bad they'd
1. Need your credentials
2. Need to know your system's address
3. Need to be able to connect to it - iptables is really good for this
4. Need to know your account name
5. Need to know what it does and how to do it
6. Need a means to profit. The value (in their eyes) comes into this.
The last is a little difficult to estimate, conceivably someone might
have an idea of how to profit that you can't imagine, maybe just for
bragging rights in some peer group.
Finally, you need to be able to estimate the harm they could do if they
did gain access. On my systems, they could send email, but IRC bots
would not work, and they could not port-scan others (though testing ssh
would work).
--
Cheers
John
-- spambait
1aaaaaaa at coco.merseine.nu Z1aaaaaaa at coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)
More information about the fedora-list
mailing list