Allow ~/.ssh/config to be group-writable, provided that the group in

question contains only the file's owner (closes: #314347).
author: Colin Watson <cjwatson@debian.org> 2005-07-03 15:43:31 +0000
committer: Colin Watson <cjwatson@debian.org> 2005-07-03 15:43:31 +0000
commit: 3fa5dc696b1bdf5eca90aca8c6213ceea187afbb (patch)
tree: 796053e59295809a80dbc95e66c80b446d17ebf4 /readconf.c
parent: 2ea0ed9ad0cef7da4e105987963027e249a8f528 (diff)
1 files changed, 21 insertions, 2 deletions
diff --git a/readconf.c b/readconf.c
index 6c0511519..be14cd5b8 100644
--- a/readconf.c
+++ b/readconf.c
@@ -851,11 +851,30 @@ read_config_file(const char *filename, const char *host, Options *options,
        if (checkperm) {
                struct stat sb;
+                int bad_modes = 0;
                if (fstat(fileno(f), &sb) == -1)
                        fatal("fstat %s: %s", filename, strerror(errno));
-                if (((sb.st_uid != 0 && sb.st_uid != getuid()) ||
+                if (sb.st_uid != 0 && sb.st_uid != getuid())
-                    (sb.st_mode & 022) != 0))
+                        bad_modes = 1;
+                if ((sb.st_mode & 020) != 0) {
+                        /* If the file is group-writable, the group in
+                         * question must have at most one member, namely the
+                         * file's owner.
+                         */
+                        struct passwd *pw = getpwuid(sb.st_uid);
+                        struct group *gr = getgrgid(sb.st_gid);
+                        if (!pw || !gr)
+                                bad_modes = 1;
+                        else if (gr->gr_mem[0]) {
+                                if (strcmp(pw->pw_name, gr->gr_mem[0]) ||
+                                    gr->gr_mem[1])
+                                        bad_modes = 1;
+                        }
+                }
+                if ((sb.st_mode & 002) != 0)
+                        bad_modes = 1;
+                if (bad_modes)
                        fatal("Bad owner or permissions on %s", filename);
        }
author	Colin Watson <cjwatson@debian.org>	2005-07-03 15:43:31 +0000
committer	Colin Watson <cjwatson@debian.org>	2005-07-03 15:43:31 +0000
commit	3fa5dc696b1bdf5eca90aca8c6213ceea187afbb (patch)
tree	796053e59295809a80dbc95e66c80b446d17ebf4 /readconf.c
parent	2ea0ed9ad0cef7da4e105987963027e249a8f528 (diff)

diff --git a/readconf.c b/readconf.c index 6c0511519..be14cd5b8 100644 --- a/readconf.c +++ b/readconf.c
@@ -851,11 +851,30 @@ read_config_file(const char filename, const char host, Options *options,
851		851
852	if (checkperm) {	852	if (checkperm) {
853	struct stat sb;	853	struct stat sb;
		854	int bad_modes = 0;
854		855
855	if (fstat(fileno(f), &sb) == -1)	856	if (fstat(fileno(f), &sb) == -1)
856	fatal("fstat %s: %s", filename, strerror(errno));	857	fatal("fstat %s: %s", filename, strerror(errno));
857	if (((sb.st_uid != 0 && sb.st_uid != getuid()) \|\|	858	if (sb.st_uid != 0 && sb.st_uid != getuid())
858	(sb.st_mode & 022) != 0))	859	bad_modes = 1;
		860	if ((sb.st_mode & 020) != 0) {
		861	/* If the file is group-writable, the group in
		862	* question must have at most one member, namely the
		863	* file's owner.
		864	*/
		865	struct passwd *pw = getpwuid(sb.st_uid);
		866	struct group *gr = getgrgid(sb.st_gid);
		867	if (!pw \|\| !gr)
		868	bad_modes = 1;
		869	else if (gr->gr_mem[0]) {
		870	if (strcmp(pw->pw_name, gr->gr_mem[0]) \|\|
		871	gr->gr_mem[1])
		872	bad_modes = 1;
		873	}
		874	}
		875	if ((sb.st_mode & 002) != 0)
		876	bad_modes = 1;
		877	if (bad_modes)
859	fatal("Bad owner or permissions on %s", filename);	878	fatal("Bad owner or permissions on %s", filename);
860	}	879	}
861		880