chiark
/
gitweb
/
~ianmdlvl
/
otter.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
5911af8
)
config, ssh: check that authorized_keys{,_include} is not recursive
author
Ian Jackson
<ijackson@chiark.greenend.org.uk>
Mon, 7 Jun 2021 13:29:50 +0000
(14:29 +0100)
committer
Ian Jackson
<ijackson@chiark.greenend.org.uk>
Mon, 7 Jun 2021 13:30:04 +0000
(14:30 +0100)
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
src/config.rs
patch
|
blob
|
history
diff --git
a/src/config.rs
b/src/config.rs
index b8d9d57864a547e8c236fa0036a90f27c6efe69e..53c2b04bb47d607a5e35a696a085bd3851249f77 100644
(file)
--- a/
src/config.rs
+++ b/
src/config.rs
@@
-180,6
+180,13
@@
impl ServerConfigSpec {
let authorized_keys_include = authorized_keys_include.unwrap_or_else(
|| format!("{}.static", authorized_keys)
);
+ if authorized_keys == authorized_keys_include {
+ throw!(anyhow!(
+ "ssh authorized_keys and authorized_keys_include are equal {:?} \
+ which would imply including a file in itself",
+ &authorized_keys
+ ));
+ }
let ssh_proxy_uid = match ssh_proxy_user {
None => Uid::current(),