2020-02-17 10:57:35 +00:00
|
|
|
diff -up openssh-8.2p1/authfile.c.keyperm openssh-8.2p1/authfile.c
|
|
|
|
|
--- openssh-8.2p1/authfile.c.keyperm 2020-02-14 01:40:54.000000000 +0100
|
|
|
|
|
+++ openssh-8.2p1/authfile.c 2020-02-17 11:55:12.841729758 +0100
|
|
|
|
|
@@ -31,6 +31,7 @@
|
2011-04-21 15:22:18 +00:00
|
|
|
|
2014-06-03 14:51:07 +00:00
|
|
|
#include <errno.h>
|
|
|
|
|
#include <fcntl.h>
|
|
|
|
|
+#include <grp.h>
|
|
|
|
|
#include <stdio.h>
|
2015-01-20 12:18:45 +00:00
|
|
|
#include <stdarg.h>
|
2014-06-03 14:51:07 +00:00
|
|
|
#include <stdlib.h>
|
2020-02-17 10:57:35 +00:00
|
|
|
@@ -101,7 +102,19 @@ sshkey_perm_ok(int fd, const char *filen
|
2011-04-21 15:22:18 +00:00
|
|
|
#ifdef HAVE_CYGWIN
|
|
|
|
|
if (check_ntsec(filename))
|
|
|
|
|
#endif
|
|
|
|
|
+
|
|
|
|
|
if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) {
|
2020-02-17 10:57:35 +00:00
|
|
|
+ if (st.st_mode & 040) {
|
|
|
|
|
+ struct group *gr;
|
|
|
|
|
+
|
|
|
|
|
+ if ((gr = getgrnam("ssh_keys")) && (st.st_gid == gr->gr_gid)) {
|
|
|
|
|
+ /* The only additional bit is read
|
|
|
|
|
+ * for ssh_keys group, which is fine */
|
|
|
|
|
+ if ((st.st_mode & 077) == 040 ) {
|
|
|
|
|
+ return 0;
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
2011-04-21 15:22:18 +00:00
|
|
|
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
|
|
|
|
|
error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @");
|
2020-02-17 10:57:35 +00:00
|
|
|
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
|
