Running dropbear as unprivileged user to a single user SSH Server

Rob Landley rob at landley.net
Wed Aug 31 19:46:38 WST 2011


On 08/29/2011 08:27 AM, Antoine Catton wrote:
> Hi,
> 
> Here is in attachment the patch I submit for your review.
> I wasn't able to figure out how to override the user password. So far,
> it only overrides home directory and shell, it also ignores the
> authentication username; it logs in as the user running dropbear SSH
> server.
> 
> Moreover, I'm not familiar with autoconf, I didn't know how to add
> options to ./configure enabling the right macros (ENABLE_SINGLEUSER and
> ENABLE_SINGLEUSER_ROOT).

Why does ENABLE_SINGLEUSER_ROOT exist?  If somebody can set environment
variables for the root user, there's plenty of other stuff they can do,
is there any point in switching this _off_ for root?

What's the point of the log messages?  (Isn't the point of dropbear that
it's small and simple?)

In general you seem to be m_free()-ing a lot right before assigning
it, but the context of the hunks you're inserting stuff in aren't doing
m_free() before their assignments.  Is there a reason for this?

Just to look closer at one hunk:

> 	username = buf_getstring(ses.payload, &userlen)
> +#ifdef ENABLE_SINGLEUSER
> +	/* If userspace enabled, ignore username */
> +	if (svr_opts.singleuser) {
> +		m_free(username);
> +		/* Get the current login of the user running dropbear */
> +		username = m_strdup(getlogin());
> +	}
> +#endif /* ifdef ENABLE_SINGLEUSER */
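
Review bot: in the singleuser branch the result of getlogin() goes straight into m_strdup() with no NULL check, and getlogin() returns NULL when it cannot determine a login name (for example when the process has no controlling terminal, which is common for a server started at boot). Suggest checking the return value and failing the auth request on NULL, or looking the account up from the process uid instead. Also, userlen still holds the length of the client-supplied name after username is replaced, so it should be reset to strlen(username) if anything later in the function relies on it.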

1) The comments don't add anything here.  (If userspace enabled?  Here's
what getlogin() does?  Here's the end of the #ifdef seven lines earlier?)

2) The first line of that hunk creates a copy of username, then you
check if you need to free that copy and make a different copy.  Seems
like a waste of work to me?

3) The Linux kernel uses a trick where it #defines is_singleuser() in a
header somewhere to either a constant 0 (so the compiler's dead code
elimination chops out the code) or else to svr_opts.singleuser, so you
could just do:

  if (is_singleuser()) {
    m_free(username);
    username = m_strdup(getlogin());
  } else username = buf_getstring(ses.payload, &userlen);

This is why Linux code isn't #ifdef salad.  FYI.

Rob

