compile: disallow multiple pubkeys in one file
The way pubkey files are handled by gitolite, this could be used by a repo admin to get shell access. It's always been there as an undocumented emergency mechanism for an admin who lost his shell keys or overwrote them due to not understanding ssh well enough (and it has been so used at least once).

But not any more...

Like the @SHELL case, this reflects a shift away from treating people with repo admin rights as eqvt to people who have shell on the server, and systematically making the former lesser privileged than the latter. While in most cases (including my $DAYJOB) these two may be the same person, I am told that's not a valid assumption for others, and there've been requests to close this potential loophole.
This commit is contained in:
parent
261b289609
commit
645ab77af5
1 changed files with 9 additions and 3 deletions
|
@ -458,14 +458,20 @@ for my $pubkey (glob("*"))
|
|||
print STDERR "WARNING: pubkey $pubkey exists but user $user not in config\n"
|
||||
unless $user_list{$user};
|
||||
$user_list{$user} = 'has pubkey';
|
||||
# apparently some pubkeys don't end in a newline...
|
||||
my $pubkey_content = `cat $pubkey`;
|
||||
$pubkey_content =~ s/\s*$/\n/;
|
||||
# don't trust files with multiple lines (i.e., something after a newline)
|
||||
if ($pubkey_content =~ /\n./)
|
||||
{
|
||||
print STDERR "WARNING: a pubkey file can only have one line (key); ignoring $pubkey\n";
|
||||
next;
|
||||
}
|
||||
if ($SHELL_USERS and $SHELL_USERS =~ /(^|\s)$user(\s|$)/) {
|
||||
print $newkeys_fh "command=\"$AUTH_COMMAND -s $user\",$AUTH_OPTIONS ";
|
||||
} else {
|
||||
print $newkeys_fh "command=\"$AUTH_COMMAND $user\",$AUTH_OPTIONS,no-pty ";
|
||||
}
|
||||
# apparently some pubkeys don't end in a newline...
|
||||
my $pubkey_content = `cat $pubkey`;
|
||||
$pubkey_content =~ s/\s*$/\n/;
|
||||
print $newkeys_fh $pubkey_content;
|
||||
}
|
||||
# lint check 3; a little more severe than the first two I guess...
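Review bot: In the new multi-line check, `next` runs after `$user_list{$user} = 'has pubkey';` has already been set, so a user whose file is ignored is still recorded as having a pubkey, and any later check that relies on %user_list will not see that no authorized_keys entry was written for them; only the STDERR warning says so. Consider moving the content read and the `/\n./` test above that assignment, or clearing the mark before `next`. Separately, `cat $pubkey` in backticks passes a name that came from glob("*") through the shell; reading the file with open() would remove the dependence on whatever filename validation happens outside the lines shown here.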