Bug 147797 - Create policy for /usr/libexec/openssh/ssh-keysign
Summary: Create policy for /usr/libexec/openssh/ssh-keysign
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted   
(Show other bugs)
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Keywords: FutureFeature
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-02-11 14:21 UTC by Tomas Mraz
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version: 1.23.5-2
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-09-04 23:34:51 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Tomas Mraz 2005-02-11 14:21:31 UTC
Description of problem:
The ssh-keysign binary is setuid because it needs to read the system's sshd
private keys /etc/ssh/ssh_host_[dr]sa_key. It opens them and immediately drops
to the original uid. It reads /etc/ssh/ssh_config for options. Then it reads the
data which should be signed from STDIN and gets addres/name of a socket it
inherited. Then it verifies that the data passed to it are correct and signs
them  (using /dev/random through OpenSSL). The result is written to stdout.

To protect against revealing the ssh keys the selinux policy should be created.
It was suggested to me by Jakub.

Comment 1 Daniel Walsh 2005-03-24 23:43:45 UTC
Added policy to handle this in selinux-policy-strict-1.23.5-2
Not really sure how to test it though.




Note You need to log in before you can comment on or make changes to this bug.