看板 FB_stable 關於我們 聯絡資訊
On 28 February 2014 18:42, Jilles Tjoelker <jilles@stack.nl> wrote: > On Fri, Feb 28, 2014 at 06:08:10PM -0500, Eitan Adler wrote: >> On 28 February 2014 17:15, Mark Felder <feld@freebsd.org> wrote: >> .... > >> > In my opinion, if I'm using an ssh utility and I specify "-i" flag it >> > should be the private key. > >> Hey all, > >> Sorry about the confusion ssh-copy-id has caused you. > >> Does the following patch help ? > > In addition to that, it may be useful to add an explicit check against > sending private keys. Even though printf(1) fails, the receiving server > still gets the private key and a malicious root user might steal it. > > For example, any key starting with '-' is inappropriate. I thought about adding a check for private keys. However such a check is insufficient since the user may have supplied other private files accidentally such as /etc/passwd or a GPG key. -- Eitan Adler Source, Ports, Doc committer Bugmeister, Ports Security teams _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"