Bugzilla – Attachment 935 Details for Bug 1060: ~/.ssh/config check too strict on systems with per-user groups
[patch] allow group-writable ~/.ssh/config under certain conditions
ssh-config-group-perms.patch (text/plain), 1021 bytes, created by Colin Watson on 2005-07-04 01:35:56 AEST
>--- readconf.c 30 May 2005 22:13:03 -0000 1.13 >+++ readconf.c 3 Jul 2005 15:33:34 -0000 >@@ -851,11 +851,30 @@ read_config_file(const char *filename, c > > if (checkperm) { > struct stat sb; >+ int bad_modes = 0; > > if (fstat(fileno(f), &sb) == -1) > fatal("fstat %s: %s", filename, strerror(errno)); >- if (((sb.st_uid != 0 && sb.st_uid != getuid()) || >- (sb.st_mode & 022) != 0)) >+ if (sb.st_uid != 0 && sb.st_uid != getuid()) >+ bad_modes = 1; >+ if ((sb.st_mode & 020) != 0) { >+ /* If the file is group-writable, the group in >+ * question must have at most one member, namely the >+ * file's owner. >+ */ >+ struct passwd *pw = getpwuid(sb.st_uid); >+ struct group *gr = getgrgid(sb.st_gid); >+ if (!pw || !gr) >+ bad_modes = 1; >+ else if (gr->gr_mem[0]) { >+ if (strcmp(pw->pw_name, gr->gr_mem[0]) || >+ gr->gr_mem[1]) >+ bad_modes = 1; >+ } >+ } >+ if ((sb.st_mode & 002) != 0) >+ bad_modes = 1; >+ if (bad_modes) > fatal("Bad owner or permissions on %s", filename); > } >
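Review bot: The membership test inside the `(sb.st_mode & 020)` branch looks only at `gr->gr_mem`, which holds the names listed in the group database entry and does not include accounts that have `sb.st_gid` as their primary group in the passwd database. An empty member list is accepted outright because `else if (gr->gr_mem[0])` is skipped, so the check can pass even when the file's group is not the owner's own group, or when another account shares that primary gid and can therefore write the file. Suggest also requiring `pw->pw_gid == sb.st_gid` before accepting a group-writable file, and extending the comment to state that accounts sharing the gid as their primary group are not detected by a `gr_mem` scan. A short note in ssh_config(5) describing the relaxed rule would help as well, since the `fatal("Bad owner or permissions on %s", filename)` message no longer says which of the three conditions failed.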