Commits · a9ca24ca3b44e8b438e8b2811e1492a40edf18e5 · Christoph Anton Mitterer / remote-forward-credentials

May 09, 2022

sc/grid-proxy-certificate: try to remove remote certificate upon error · a9ca24ca
Christoph Anton Mitterer authored 2 years ago
```
Signed-off-by: Christoph Anton Mitterer <mail@christoph.anton.mitterer.name>
```
a9ca24ca

sc/grid-proxy-certificate: don’t move remote certificate into another directory · 9ab41c79

Christoph Anton Mitterer authored 2 years ago


An attacker on the remote side (for example a regular user there) could create
a symbolic link at the destination pathname for the remote proxy certificate
(like `/tmp/x509up_u1000`).

If that symbolic link would refer to a directory writable by the user, the proxy
certificate file  would end up in the directory owned by the attacker.
This in turn may allow the attacker to read the file (for example when the
directory is a mountpoint controlled by the attacker).

Use `mv`’s `--no-target-directory`-option in order to prevent this.

If such symbolic link is owned by the user it would get overwritten.

Signed-off-by: Christoph Anton Mitterer <mail@christoph.anton.mitterer.name>

9ab41c79

sc/grid-proxy-certificate: imported initial version of a subcommand for grid-... · d1b75739

Christoph Anton Mitterer authored 2 years ago

sc/grid-proxy-certificate: imported initial version of a subcommand for grid- respectively VOMS-proxy-certificates

Signed-off-by: Christoph Anton Mitterer <mail@christoph.anton.mitterer.name>

d1b75739