Bugzilla – Attachment 2035 Details for
Bug 1893
change ssh-keysign to setgid from setuid
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch solving the problem
openssh-5.8p1-keyperm.patch (text/plain), 1.66 KB, created by
jchadima
on 2011-04-22 07:17:21 AEST
(
hide
)
Description:
patch solving the problem
Filename:
MIME Type:
Creator:
jchadima
Created:
2011-04-22 07:17:21 AEST
Size:
1.66 KB
patch
obsolete
>diff -up openssh-5.8p1/authfile.c.keyperm openssh-5.8p1/authfile.c >--- openssh-5.8p1/authfile.c.keyperm 2010-12-01 02:03:39.000000000 +0100 >+++ openssh-5.8p1/authfile.c 2011-04-21 22:46:47.660648847 +0200 >@@ -57,6 +57,7 @@ > #include <stdlib.h> > #include <string.h> > #include <unistd.h> >+#include <grp.h> > > #include "xmalloc.h" > #include "cipher.h" >@@ -600,6 +601,13 @@ key_perm_ok(int fd, const char *filename > #ifdef HAVE_CYGWIN > if (check_ntsec(filename)) > #endif >+ if (st.st_mode & 040) { >+ struct group *gr; >+ >+ if ((gr = getgrnam("ssh_keys")) && (st.st_gid == gr->gr_gid)) >+ st.st_mode &= ~040; >+ } >+ > if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) { > error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); > error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @"); >diff -up openssh-5.8p1/Makefile.in.keyperm openssh-5.8p1/Makefile.in >--- openssh-5.8p1/Makefile.in.keyperm 2011-04-21 22:56:01.406773447 +0200 >+++ openssh-5.8p1/Makefile.in 2011-02-04 01:42:13.000000000 +0100 >@@ -268,7 +268,7 @@ install-files: > if test ! -z "$(INSTALL_SSH_RAND_HELPER)" ; then \ > $(INSTALL) -m 0755 $(STRIP_OPT) ssh-rand-helper$(EXEEXT) $(DESTDIR)$(libexecdir)/ssh-rand-helper$(EXEEXT) ; \ > fi >- $(INSTALL) -m 2711 -g ssh_keys $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT) >+ $(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT) > $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT) > $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT) > $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=2035">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1893
: 2035