authorJameson Graef Rollins <jrollins@phys.columbia.edu>2008-08-14 21:05:40 -0700
committerJameson Graef Rollins <jrollins@phys.columbia.edu>2008-08-14 21:05:40 -0700
commit2f89210eb11ccb0a7289f89a545697029b2bb9d7 (patch)
tree31fb3e221eab22ff262d3e3116d9fcfec5bf09ac
parent6d4dbe49e803c76d1c8ac3550aff6c246a251371 (diff)
Add sorting of the processed key lines so that "good" keys are output
at the end. This is done so that they take precedence over "bad" keys when being processed in key files. If bad keys are processed after good keys, there is a possibility of a malicious bad key causing good keys to be continually removed from key files, which would be a big nuisance.
-rw-r--r--src/common10
1 files changed, 6 insertions, 4 deletions
diff --git a/src/common b/src/common
index 9c76bd1..17955a7 100644
--- a/src/common
+++ b/src/common
@@ -484,7 +484,10 @@ process_user_id() {
fi
;;
esac
- done
+ done | sort -t: -k1 -n -r
+ # NOTE: this last sort is important so that the "good" keys (key
+ # flag '0') come last. This is so that they take precedence when
+ # being processed in the key files over "bad" keys (key flag '1')
}
# process a single host in the known_host file
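Review bot: The `sort -t: -k1 -n -r` added after `done` carries a security-relevant ordering guarantee (flag '1' lines before flag '0' lines), but `-k1` makes the key run from field 1 to the end of the line, and lines with the same flag are then ordered by a whole-line comparison in whatever locale the caller has. Restricting the key to the flag field and pinning the locale, `done | LC_ALL=C sort -t: -k1,1nr`, states the invariant exactly and keeps the output reproducible across environments. Piping the loop into `sort` also runs the loop in a subshell and makes the function's exit status that of `sort`, so a variable set or a failure raised inside the loop (whose body starts outside this hunk) would no longer reach the caller; it is worth confirming that nothing relies on either. The NOTE comment would be easier to find placed above the `done | sort` line it explains rather than after the pipeline.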
@@ -498,16 +501,15 @@ process_host_known_hosts() {
local tmpfile
host="$1"
+ userID="ssh://${host}"
log "processing: $host"
- userID="ssh://${host}"
-
nKeys=0
nKeysOK=0
IFS=$'\n'
- for line in $(process_user_id "ssh://${host}") ; do
+ for line in $(process_user_id "${userID}") ; do
# note that key was found
nKeys=$((nKeys+1))