Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSH_CONNECTION security issue is back #902

Closed
yuhldr opened this issue Apr 5, 2024 · 5 comments · May be fixed by #903
Closed

SSH_CONNECTION security issue is back #902

yuhldr opened this issue Apr 5, 2024 · 5 comments · May be fixed by #903

Comments

@yuhldr
Copy link

yuhldr commented Apr 5, 2024

like #74

use aur howdy-beta-git, The same thing happened: "Face recognition on login via ssh #74"
@yuhldr
Copy link
Author

yuhldr commented Apr 5, 2024

Doesn't work

howdy/howdy/src/pam/main.cc

Lines 151 to 152 in 344eb34

if (getenv("SSH_CONNECTION") != nullptr ||
getenv("SSH_CLIENT") != nullptr || getenv("SSHD_OPTS") != nullptr) {

@musikid
Copy link
Collaborator

musikid commented Apr 9, 2024

It works, what program are you trying to authenticate?

@yuhldr
Copy link
Author

yuhldr commented Apr 9, 2024

It works, what program are you trying to authenticate?

in archlinux A,

  • install aur howdy-beta-git,
  • add auth sufficient /lib/security/pam_howdy.so try_first_pass nullok in /etc/pam.d/system-auth

then ssh A and sudo su via ssh , the face recognition is triggered. this is a big security issue.

maybe auth sufficient .. should be add other pam.d? but old version is work well.

@musikid musikid mentioned this issue Apr 10, 2024
Open
@musikid
Copy link
Collaborator

musikid commented Apr 10, 2024

Thanks for your report, it indeed doesn't work on sudo while working with other programs. I created #903 to fix it.

@yuhldr
Copy link
Author

yuhldr commented Apr 10, 2024

Thanks for your report, it indeed doesn't work on sudo while working with other programs. I created #903 to fix it.

work well!

@yuhldr yuhldr closed this as completed Apr 10, 2024
@tokox tokox mentioned this issue Apr 13, 2024
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(pam): use environ variable when getenv doesn't work musikid/howdy
2 participants
@musikid @yuhldr