Unable to open file at keyfile (mode 400) for `sudo -i` root

Question

Unable to open file at keyfile (mode 400) for `sudo -i` root

Closed this issue 4 years ago · 1 comments

ZenithalHourlyRate commented 4 years ago

Describe the bug

For root with sudo -i, with keyfile at mode 400, khefin can not read the keyfile, also this root can not enrol a key

To Reproduce
Steps to reproduce the first behavior:

sudo -i
Generate a keyfile or use an old keyfile
chown root:root keyfile
chmod 400 keyfile
khefin generate -f keyfile
Type in correct passphrase
See error khefin: Unable to open file at keyfile

Steps to reproduce the second behavior:

sudo -i
khefin enrol -d /dev/hidraw0 -f keyfile
Type passphrase
See error khefin: Unable to open file at keyfile

Expected behavior
Open the keyfile

Environment:

Operating system: Arch Linux
Version: 0.6.0
Authenticator make and model: Canokeys CanoKey

Additional context

For normal user, the above commands can not reproduce this bug.
For su - root, the above commands can not reproduce this bug.

Answer 1 · 2021-01-17T21:05:15.000Z

Thanks for the report! This is because khefin drops privileges, for reasons which are no longer relevant. I have a fix for this that will form part of version 0.6.1, landing in the next couple of hours.