Bug 1878 - error message in key_perm_ok should be firmer
Summary: error message in key_perm_ok should be firmer
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh
Version: 5.8p1
Hardware: All All
Importance: P2 minor
Assignee: Assigned to nobody
URL: https://bugs.launchpad.net/ubuntu/+so...
Keywords:
Depends on:
Blocks: V_5_9
Reported: 2011-03-14 21:18 AEDT by Colin Watson
Modified: 2015-08-11 23:05 AEST

Attachments
upstream patch (591 bytes, patch)
2015-03-26 20:01 AEDT, Jakub Jelen

Description Colin Watson 2011-03-14 21:18:11 AEDT
David Lublink reported the following as an Ubuntu bug:

int
key_perm_ok(int fd, const char *filename)
{
[...]
          error("Permissions 0%3.3o for '%s' are too open.",
              (u_int)st.st_mode & 0777, filename);
          error("It is recommended that your private key files are NOT accessible by others.");
          error("This private key will be ignored.");
          return 0;
     }
     return 1;
}

The text "It is recommended that your private key files are NOT accessible by others." should read "It is not permitted....".

There is no workaround to use a non-protected private key, therefore it is incorrect to say "recommended".
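The behaviour discussed in this report, as an added example that is not part of the original report and is not OpenSSH's own code: a standalone check that refuses a key file whose mode is too open, reusing the first and last message lines from the excerpt. The rule used (a file owned by the calling user must have no group or other permission bits, i.e. `mode & 077` is zero) and the names `mode_is_acceptable`, `check_key_fd` and `check_temp_file_with_mode` are assumptions made for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed rule (not copied from OpenSSH): a key file owned by the caller
 * is refused if any group/other permission bit is set. 1 = ok, 0 = refused. */
int mode_is_acceptable(uid_t owner, uid_t caller, mode_t mode)
{
    if (owner == caller && (mode & 077) != 0)
        return 0;
    return 1;
}

/* Check the already-open descriptor, so the file tested is the file read. */
int check_key_fd(int fd, const char *filename)
{
    struct stat st;

    if (fstat(fd, &st) == -1)
        return 0;
    if (mode_is_acceptable(st.st_uid, getuid(), st.st_mode))
        return 1;
    fprintf(stderr, "Permissions 0%3.3o for '%s' are too open.\n",
        (unsigned int)st.st_mode & 0777, filename);
    fprintf(stderr, "This private key will be ignored.\n");
    return 0;
}

/* Constructed input: an empty temp file set to the requested mode (-1 on setup failure). */
int check_temp_file_with_mode(mode_t mode)
{
    char path[] = "/tmp/keyperm-XXXXXX";
    int fd = mkstemp(path), ok = -1;

    if (fd == -1)
        return -1;
    if (fchmod(fd, mode) == 0)
        ok = check_key_fd(fd, path);
    close(fd);
    unlink(path);
    return ok;
}

int main(void)
{
    printf("0600 -> %d\n", check_temp_file_with_mode(0600));
    printf("0644 -> %d\n", check_temp_file_with_mode(0644));
    return 0;
}
```

The check has no override path: a refused file is simply not used, which is the behaviour the reporter says the message wording should reflect.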
Comment 1 Damien Miller 2011-04-12 15:39:54 AEST
patch applied - thanks
Comment 2 Damien Miller 2011-09-06 15:32:56 AEST
close resolved bugs now that openssh-5.9 has been released
Comment 3 Jakub Jelen 2015-03-26 19:38:15 AEDT
This issue was reintroduced with commit:

https://anongit.mindrot.org/openssh.git/commit/?id=8668706d0f52654fe64c0ca41a96113aeab8d2b8

without any comments or notes. This is a regression brought in by refactoring and affecting the 6.7 and 6.8 releases.
Comment 4 Jakub Jelen 2015-03-26 20:01:09 AEDT
Created attachment 2576
upstream patch
Comment 5 Damien Miller 2015-04-17 23:32:20 AEST
fixed, again
Comment 6 Damien Miller 2015-08-11 23:05:33 AEST
Set all RESOLVED bugs to CLOSED with release of OpenSSH 7.1