Bug 1878 - error message in key_perm_ok should be firmer
Summary: error message in key_perm_ok should be firmer
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh (show other bugs)
Version: 5.8p1
Hardware: All All
: P2 minor
Assignee: Assigned to nobody
URL: https://bugs.launchpad.net/ubuntu/+so...
Keywords:
Depends on:
Blocks: V_5_9
  Show dependency treegraph
 
Reported: 2011-03-14 21:18 AEDT by Colin Watson
Modified: 2015-08-11 23:05 AEST (History)
2 users (show)

See Also:

Attachments
upstream patch (591 bytes, patch)
2015-03-26 20:01 AEDT, Jakub Jelen 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Colin Watson 2011-03-14 21:18:11 AEDT 
David Lublink reported the following as an Ubuntu bug:

int
key_perm_ok(int fd, const char *filename)
{
[...]
          error("Permissions 0%3.3o for '%s' are too open.",
              (u_int)st.st_mode & 0777, filename);
          error("It is recommended that your private key files are NOT accessible by others.");
          error("This private key will be ignored.");
          return 0;
     }
     return 1;
}

The text "It is recommended that your private key files are NOT accessible by others." should read "It is not permitted....".

There is no workaround to use a non-protected private key, therefore it is incorrect to say "recommended".
Comment 1 Damien Miller 2011-04-12 15:39:54 AEST 
patch applied - thanks
Comment 2 Damien Miller 2011-09-06 15:32:56 AEST 
close resolved bugs now that openssh-5.9 has been released
Comment 3 Jakub Jelen 2015-03-26 19:38:15 AEDT 
This issue was reintroduced with commit:

https://anongit.mindrot.org/openssh.git/commit/?id=8668706d0f52654fe64c0ca41a96113aeab8d2b8

without any comments or notes. This is regression brought here by refactoring and affecting 6.7 and 6.8 release.
Comment 4 Jakub Jelen 2015-03-26 20:01:09 AEDT 
Created attachment 2576 [details]
upstream patch
Comment 5 Damien Miller 2015-04-17 23:32:20 AEST 
fixed, again
Comment 6 Damien Miller 2015-08-11 23:05:33 AEST 
Set all RESOLVED bugs to CLOSED with release of OpenSSH 7.1