- djm@cvs.openbsd.org 2004/04/18 23:10:26

[readconf.c readconf.h ssh-keysign.c ssh.c] perform strict ownership and modes checks for ~/.ssh/config files, as these can be used to execute arbitrary programs; ok markus@ NB. ssh will now exit when it detects a config with poor permissions
author: Damien Miller <djm@mindrot.org> 2004-04-20 20:11:57 +1000
committer: Damien Miller <djm@mindrot.org> 2004-04-20 20:11:57 +1000
commit: 57a4476a69e1d64d051b766b0ac9c9c3ef496864 (patch)
tree: f49bfcdc2e5d23d88d5dd45462a1ad966dc16b9c /ssh-keysign.c
parent: 1824c071abc61b6a70cd0a077b957bd6e0c80cde (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/ssh-keysign.c b/ssh-keysign.c
index 9e9ebe2f1..e642948a0 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -22,7 +22,7 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keysign.c,v 1.15 2004/01/19 21:25:15 markus Exp $");
+RCSID("$OpenBSD: ssh-keysign.c,v 1.16 2004/04/18 23:10:26 djm Exp $");
 #include <openssl/evp.h>
 #include <openssl/rand.h>
@@ -168,7 +168,7 @@ main(int argc, char **argv)
        /* verify that ssh-keysign is enabled by the admin */
        original_real_uid = getuid();   /* XXX readconf.c needs this */
        initialize_options(&options);
-        (void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options);
+        (void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options, 0);
        fill_default_options(&options);
        if (options.enable_ssh_keysign != 1)
                fatal("ssh-keysign not enabled in %s",
author	Damien Miller <djm@mindrot.org>	2004-04-20 20:11:57 +1000
committer	Damien Miller <djm@mindrot.org>	2004-04-20 20:11:57 +1000
commit	57a4476a69e1d64d051b766b0ac9c9c3ef496864 (patch)
tree	f49bfcdc2e5d23d88d5dd45462a1ad966dc16b9c /ssh-keysign.c
parent	1824c071abc61b6a70cd0a077b957bd6e0c80cde (diff)

diff --git a/ssh-keysign.c b/ssh-keysign.c index 9e9ebe2f1..e642948a0 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c
@@ -22,7 +22,7 @@
22	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	22	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23	*/	23	*/
24	#include "includes.h"	24	#include "includes.h"
25	RCSID("$OpenBSD: ssh-keysign.c,v 1.15 2004/01/19 21:25:15 markus Exp $");	25	RCSID("$OpenBSD: ssh-keysign.c,v 1.16 2004/04/18 23:10:26 djm Exp $");
26		26
27	#include <openssl/evp.h>	27	#include <openssl/evp.h>
28	#include <openssl/rand.h>	28	#include <openssl/rand.h>
@@ -168,7 +168,7 @@ main(int argc, char **argv)
168	/* verify that ssh-keysign is enabled by the admin */	168	/* verify that ssh-keysign is enabled by the admin */
169	original_real_uid = getuid(); /* XXX readconf.c needs this */	169	original_real_uid = getuid(); /* XXX readconf.c needs this */
170	initialize_options(&options);	170	initialize_options(&options);
171	(void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options);	171	(void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options, 0);
172	fill_default_options(&options);	172	fill_default_options(&options);
173	if (options.enable_ssh_keysign != 1)	173	if (options.enable_ssh_keysign != 1)
174	fatal("ssh-keysign not enabled in %s",	174	fatal("ssh-keysign not enabled in %s",