This is a rare situation but it can happen by mistake. Global ssh_config is not checked for the right file permissions. If a root user accidentally gives write permissions to non-root users, then it leads to undesirable behavior. It's a single-line change to add the "SSHCONF_CHECKPERM" flag while calling read_config_file(). https://github.com/openssh/openssh-portable/blob/2421a567a8862fe5102a4e7d60003ebffd1313dd/ssh.c#L585
I'm wondering if there are use cases where someone might want to do this, e.g.:
- making ssh_config group writable by an admin group
- using Match and Include to delegate a subset of the config to another group
retarget after 8.6p1 release
I'm inclined to agree and to not add additional checking - ssh should aim to protect the user against misconfiguration, but it's IMO overkill to detect serious admin misconfiguration. On one hand, as Darren points out, a too strict definition of "misconfiguration" might break working setups. On the other, how far should a user tool go towards checking the system is in an expected state? Should it check the permissions on /etc/passwd? /dev/*? etc.
Closing. Feel free to reopen if you have a good argument for this.
closing bugs resolved before openssh-8.9
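The owner/mode test discussed in this thread can be run as a standalone audit of the global config. This is an added example, not code from the thread or from OpenSSH itself. It is modelled on the check ssh applies when SSHCONF_CHECKPERM is set (owner must be root or the calling user, no group or other write bit), and the names perm_ok and check_config_perm are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 if owner and mode pass the test, 0 otherwise. */
int perm_ok(uid_t owner, mode_t mode, uid_t caller)
{
    if (owner != 0 && owner != caller)
        return 0;               /* owned by some other non-root user */
    if ((mode & 022) != 0)
        return 0;               /* group- or world-writable */
    return 1;
}

/* Returns 1 if acceptable, 0 if not, -1 if the file cannot be opened/stat'd. */
int check_config_perm(const char *path)
{
    struct stat sb;
    int fd = open(path, O_RDONLY);

    if (fd == -1)
        return -1;
    /* fstat() on the open descriptor avoids a race between check and read. */
    if (fstat(fd, &sb) == -1) {
        close(fd);
        return -1;
    }
    close(fd);
    return perm_ok(sb.st_uid, sb.st_mode, getuid());
}

int main(int argc, char **argv)
{
    /* Default path is the usual location of the global client config. */
    const char *path = argc > 1 ? argv[1] : "/etc/ssh/ssh_config";
    int r = check_config_perm(path);

    if (r == -1) {
        perror(path);
        return 2;
    }
    printf("%s: %s\n", path, r ? "ok" : "Bad owner or permissions");
    return r ? 0 : 1;
}
```

A root-owned file with mode 0664 fails this test, which is exactly the group-writable delegation setup raised above as a possible legitimate use.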