Add symlink and chown checks when accessing key path #2192

Open
norakoiralamsft wants to merge 1 commit into master from norakoirala/security-fix

@norakoiralamsft

Contributor

The PR aims to address improper handling of symbolic links in the process of resetting or setting SSH public keys for existing Linux users.

This was the suggested mitigation: Open the target with O_NOFOLLOW (and O_EXCL when creating), or verify with os.lstat/os.path.islink that the final path component is not a symlink immediately before writing. Replace os.chown with os.lchown so ownership changes never follow a symlink. Before operating, validate that the parent .ssh directory and the authorized_keys file are owned by the target user and are not symlinks; refuse otherwise. Apply the same guards to the SSH2/PKCS8 conversion branch (ssh_deploy_public_key).

@norakoiralamsft norakoiralamsft requested review from a team, D1v38om83r and nkuchta as code owners July 1, 2026 17:37
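
The guards listed in the PR description, sketched as an added example; this is not code from the PR or the project. The names `write_authorized_keys` and `UnsafeKeyPath` are hypothetical, Linux is assumed, and the sketch uses `os.fstat`/`os.fchown` on the already-open descriptors in place of `os.lstat`/`os.lchown` on paths, so that no path is resolved a second time between the check and the write.

```python
import os
import stat


class UnsafeKeyPath(Exception):
    """Raised when .ssh or authorized_keys fails the symlink/ownership checks."""


def write_authorized_keys(home_dir, uid, gid, key_line):
    """Hypothetical helper: replace <home_dir>/.ssh/authorized_keys with key_line."""
    ssh_dir = os.path.join(home_dir, ".ssh")
    try:
        # O_NOFOLLOW makes open() fail if the final component (.ssh) is a symlink.
        dir_fd = os.open(ssh_dir, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    except OSError as exc:
        raise UnsafeKeyPath(f"{ssh_dir}: {exc.strerror}") from exc
    try:
        if os.fstat(dir_fd).st_uid != uid:
            raise UnsafeKeyPath(f"{ssh_dir} is not owned by uid {uid}")
        flags = os.O_WRONLY | os.O_NOFOLLOW  # no O_TRUNC: validate before modifying
        try:
            # Existing file: opened relative to the checked directory descriptor.
            fd = os.open("authorized_keys", flags, dir_fd=dir_fd)
            created = False
        except FileNotFoundError:
            # New file: O_EXCL refuses anything planted since the open above.
            fd = os.open("authorized_keys", flags | os.O_CREAT | os.O_EXCL,
                         0o600, dir_fd=dir_fd)
            created = True
        except OSError as exc:  # ELOOP when authorized_keys is a symlink
            raise UnsafeKeyPath(f"authorized_keys: {exc.strerror}") from exc
        try:
            st = os.fstat(fd)
            if not stat.S_ISREG(st.st_mode) or (not created and st.st_uid != uid):
                raise UnsafeKeyPath("authorized_keys is not a regular file owned by the user")
            os.fchown(fd, uid, gid)  # acts on the descriptor, never on a path
            os.ftruncate(fd, 0)
            os.write(fd, key_line.rstrip("\n").encode() + b"\n")
        finally:
            os.close(fd)
    finally:
        os.close(dir_fd)
```

`O_NOFOLLOW` only covers the final path component, so the sketch assumes the components above `.ssh` are not writable by the target user.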