Comment 18 for bug 321442

Steve Langasek (vorlon) wrote : Re: [Bug 321442] Re: NM ignores "system"-level connections if files are world-readable

On Sat, Aug 24, 2013 at 07:18:20AM -0000, cheater wrote:
> bear in mind ssh has the same policy about ignoring "insecure" files.

Incorrect. ssh has a policy of disallowing insecure files on the *server*
side: insecure permissions on the .ssh directory of the target user mean the
server cannot trust the integrity of those files. But that does not prevent
ssh from using a world-readable identity file on the *client* side, which is
the security equivalent of what we're talking about here.

The reason for this is that sometimes the client really *does* want the
private key to be shared, and ssh shouldn't get in the way of that; and once
the file has been made public any other user can copy it to a mode 0600
file of their own and use it there: the cat's already out of the bag, so
there's no point in trying to enforce "security" on the client.