diff options
author | Ben Lindstrom <mouring@eviladmin.org> | 2001-09-23 13:53:22 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-09-23 13:53:22 +0000 |
commit | 7aff2613d95d0d4c272f5d22f6c22d08542d72b1 (patch) | |
tree | c60a86d4581304b023ff174ddc97c1ed3a098278 | |
parent | 15da033b34c007c22d37dca64a407049f9520aff (diff) |
- markus@cvs.openbsd.org 2001/09/23 11:09:13
[authfile.c]
relax permission check for private key files.
-rw-r--r-- | authfile.c | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/authfile.c b/authfile.c index b4b985c95..cf2957dde 100644 --- a/authfile.c +++ b/authfile.c | |||
@@ -36,7 +36,7 @@ | |||
36 | */ | 36 | */ |
37 | 37 | ||
38 | #include "includes.h" | 38 | #include "includes.h" |
39 | RCSID("$OpenBSD: authfile.c,v 1.37 2001/06/23 15:12:17 itojun Exp $"); | 39 | RCSID("$OpenBSD: authfile.c,v 1.38 2001/09/23 11:09:13 markus Exp $"); |
40 | 40 | ||
41 | #include <openssl/err.h> | 41 | #include <openssl/err.h> |
42 | #include <openssl/evp.h> | 42 | #include <openssl/evp.h> |
@@ -486,18 +486,21 @@ key_perm_ok(int fd, const char *filename) | |||
486 | { | 486 | { |
487 | struct stat st; | 487 | struct stat st; |
488 | 488 | ||
489 | /* check owner and modes */ | 489 | if (fstat(fd, &st) < 0) |
490 | return 0; | ||
491 | /* | ||
492 | * if a key owned by the user is accessed, then we check the | ||
493 | * permissions of the file. if the key owned by a different user, | ||
494 | * then we don't care. | ||
495 | */ | ||
490 | #ifdef HAVE_CYGWIN | 496 | #ifdef HAVE_CYGWIN |
491 | if (check_ntsec(filename)) | 497 | if (check_ntsec(filename)) |
492 | #endif | 498 | #endif |
493 | if (fstat(fd, &st) < 0 || | 499 | if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) { |
494 | (st.st_uid != 0 && getuid() != 0 && st.st_uid != getuid()) || | ||
495 | (st.st_mode & 077) != 0) { | ||
496 | close(fd); | ||
497 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); | 500 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); |
498 | error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @"); | 501 | error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @"); |
499 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); | 502 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); |
500 | error("Bad ownership or mode(0%3.3o) for '%s'.", | 503 | error("Permissions 0%3.3o for '%s' are too open.", |
501 | st.st_mode & 0777, filename); | 504 | st.st_mode & 0777, filename); |
502 | error("It is recommended that your private key files are NOT accessible by others."); | 505 | error("It is recommended that your private key files are NOT accessible by others."); |
503 | error("This private key will be ignored."); | 506 | error("This private key will be ignored."); |