147797 – Create policy for /usr/libexec/openssh/ssh-keysign

Bug 147797 - Create policy for /usr/libexec/openssh/ssh-keysign

Summary: Create policy for /usr/libexec/openssh/ssh-keysign

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy-targeted
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2005-02-11 14:21 UTC by Tomas Mraz
Modified:	2007-11-30 22:11 UTC (History)
CC List:	0 users
Fixed In Version:	1.23.5-2
Doc Type:	Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-09-04 23:34:51 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Tomas Mraz 2005-02-11 14:21:31 UTC

Description of problem:
The ssh-keysign binary is setuid because it needs to read the system's sshd
private keys /etc/ssh/ssh_host_[dr]sa_key. It opens them and immediately drops
to the original uid. It reads /etc/ssh/ssh_config for options. Then it reads the
data which should be signed from STDIN and gets addres/name of a socket it
inherited. Then it verifies that the data passed to it are correct and signs
them  (using /dev/random through OpenSSL). The result is written to stdout.

To protect against revealing the ssh keys the selinux policy should be created.
It was suggested to me by Jakub.

Comment 1 Daniel Walsh 2005-03-24 23:43:45 UTC

Added policy to handle this in selinux-policy-strict-1.23.5-2
Not really sure how to test it though.

Note You need to log in before you can comment on or make changes to this bug.