Re: cloud-init follows symlinks for ssh authorized_keys

[Roman Drahtmueller <draht () schaltsekun de>]

[...]
> Again, os.path.isdir follows symlinks, and so do chown and chmod, and
> also the functions underlying write_file. By the way there are some
> more race condition situations happening in the latter function, among
> others, in which directories can be removed or changed around after
> the "ensure" check. Whether or not that constitutes a security issue
> remains to be seen.
>
> Anyway, make of this what you will. Is this a vector? Is this not a
> vector? It's certainly not very robust code in any case.

Wouldn't it be a problem in the set-up much earlier if an unprivileged 
user can write to a different user's directories? 
A symlink for $HOME/.ssh/authorized_keys may have a practicacl purpose, 
such as a system-wide file for functional users.
> From this viewpoint, it doesn't matter if the check is racey or not. 

The path walk with the checks if path components to $HOME/.ssh are 
writeable for users other than the target user is much more useful in 
this context, while it is not necessary either.

> Regards,
> Jason

Roman.