Clem Taylor wrote:
> I'm working on an embedded Linux system that has a read-only jffs2
> root file system. /tmp is a tmpfs file system for files that need to
> be writable. Anything that needs writable files is symlinked to /tmp.

[...]
> It seems that sshd is finding the absolute path of the authorized_keys
> file and then stating the first path entry. I'm not quite sure why it
> is checking the top level directory and not the permissions of the
> directory that contains the authorized_keys.


The check stops at the user's home directory if the real pathname is
within that directory, otherwise it checks every parent directory to the
root.

Generally, if a directory is group or world writable then the
authorized_keys files and/or the .ssh directory could be renamed and
recreated by a third party (the check does not consider the sticky bit,
as it's rarely set on home directories).

> I'd rather avoid having to separate tmpfs filesystems, so is there an
> easy way to work around this problem? I'm using OpenSSH_3.9p1 and
> OpenSSL 0.9.7e.


Set "StrictModes no" in sshd_config? You could also teach the checks
(secure_filename in auth.c) about sticky bits on directories.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.