[Touch-packages] [Bug 2016597] [NEW] Tests create ~/.ssh/authorized_keys group writable due to wrong umask

Mon, 17 Apr 2023 05:04:21 -0700 

Public bug reported:

Traditionally, the default umask as been 0022, which is still the case
on Debian and for the root user on Ubuntu.

But for non-root users PAM sets a user's session umask to 0002 by
default (/etc/pam.d/common-session*), as defined in "/etc/login.defs"
via USERGROUPS_ENAB.

tinyssh's sshd will reject connections if ~/.ssh/authorized_key is writable by 
group/other.
The test case (re-)creates ~/.ssh/authorized_keys by echoing some strings/keys 
into it, which creates a new file on the default umask, breaking the test.

** Affects: systemd (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: tinyssh (Ubuntu)
     Importance: Undecided
     Assignee: Lukas Märdian (slyon)
         Status: New


** Tags: update-excuse

** Tags added: update-excuse

** Also affects: systemd (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: tinyssh (Ubuntu)
     Assignee: (unassigned) => Lukas Märdian (slyon)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/2016597

Title:
  Tests create ~/.ssh/authorized_keys group writable due to wrong umask

Status in systemd package in Ubuntu:
  New
Status in tinyssh package in Ubuntu:
  New

Bug description:
  Traditionally, the default umask as been 0022, which is still the case
  on Debian and for the root user on Ubuntu.

  But for non-root users PAM sets a user's session umask to 0002 by
  default (/etc/pam.d/common-session*), as defined in "/etc/login.defs"
  via USERGROUPS_ENAB.

  tinyssh's sshd will reject connections if ~/.ssh/authorized_key is writable 
by group/other.
  The test case (re-)creates ~/.ssh/authorized_keys by echoing some 
strings/keys into it, which creates a new file on the default umask, breaking 
the test.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/2016597/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to