diff options
author | Damien Miller <djm@mindrot.org> | 2004-04-20 20:11:57 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2004-04-20 20:11:57 +1000 |
commit | 57a4476a69e1d64d051b766b0ac9c9c3ef496864 (patch) | |
tree | f49bfcdc2e5d23d88d5dd45462a1ad966dc16b9c /ssh-keysign.c | |
parent | 1824c071abc61b6a70cd0a077b957bd6e0c80cde (diff) |
- djm@cvs.openbsd.org 2004/04/18 23:10:26
[readconf.c readconf.h ssh-keysign.c ssh.c]
perform strict ownership and modes checks for ~/.ssh/config files,
as these can be used to execute arbitrary programs; ok markus@
NB. ssh will now exit when it detects a config with poor permissions
Diffstat (limited to 'ssh-keysign.c')
-rw-r--r-- | ssh-keysign.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ssh-keysign.c b/ssh-keysign.c index 9e9ebe2f1..e642948a0 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c | |||
@@ -22,7 +22,7 @@ | |||
22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
23 | */ | 23 | */ |
24 | #include "includes.h" | 24 | #include "includes.h" |
25 | RCSID("$OpenBSD: ssh-keysign.c,v 1.15 2004/01/19 21:25:15 markus Exp $"); | 25 | RCSID("$OpenBSD: ssh-keysign.c,v 1.16 2004/04/18 23:10:26 djm Exp $"); |
26 | 26 | ||
27 | #include <openssl/evp.h> | 27 | #include <openssl/evp.h> |
28 | #include <openssl/rand.h> | 28 | #include <openssl/rand.h> |
@@ -168,7 +168,7 @@ main(int argc, char **argv) | |||
168 | /* verify that ssh-keysign is enabled by the admin */ | 168 | /* verify that ssh-keysign is enabled by the admin */ |
169 | original_real_uid = getuid(); /* XXX readconf.c needs this */ | 169 | original_real_uid = getuid(); /* XXX readconf.c needs this */ |
170 | initialize_options(&options); | 170 | initialize_options(&options); |
171 | (void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options); | 171 | (void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options, 0); |
172 | fill_default_options(&options); | 172 | fill_default_options(&options); |
173 | if (options.enable_ssh_keysign != 1) | 173 | if (options.enable_ssh_keysign != 1) |
174 | fatal("ssh-keysign not enabled in %s", | 174 | fatal("ssh-keysign not enabled in %s", |