diff options
| -rw-r--r-- | ChangeLog | 7 | ||||
| -rw-r--r-- | readconf.c | 23 | ||||
| -rw-r--r-- | readconf.h | 4 | ||||
| -rw-r--r-- | ssh-keysign.c | 4 | ||||
| -rw-r--r-- | ssh.c | 9 |
5 files changed, 34 insertions, 13 deletions
| @@ -4,6 +4,11 @@ | |||
| 4 | [sshconnect2.c] | 4 | [sshconnect2.c] |
| 5 | swap the last two parameters to TAILQ_FOREACH_REVERSE. matches what FreeBSD and NetBSD do. | 5 | swap the last two parameters to TAILQ_FOREACH_REVERSE. matches what FreeBSD and NetBSD do. |
| 6 | ok millert@ mcbride@ markus@ ho@, checked to not affect ports by naddy@ | 6 | ok millert@ mcbride@ markus@ ho@, checked to not affect ports by naddy@ |
| 7 | - djm@cvs.openbsd.org 2004/04/18 23:10:26 | ||
| 8 | [readconf.c readconf.h ssh-keysign.c ssh.c] | ||
| 9 | perform strict ownership and modes checks for ~/.ssh/config files, | ||
| 10 | as these can be used to execute arbitrary programs; ok markus@ | ||
| 11 | NB. ssh will now exit when it detects a config with poor permissions | ||
| 7 | - (djm) [openbsd-compat/sys-queue.h] Sync with OpenBSD, needed for above change | 12 | - (djm) [openbsd-compat/sys-queue.h] Sync with OpenBSD, needed for above change |
| 8 | 13 | ||
| 9 | 20040419 | 14 | 20040419 |
| @@ -1009,4 +1014,4 @@ | |||
| 1009 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 1014 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
| 1010 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 1015 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
| 1011 | 1016 | ||
| 1012 | $Id: ChangeLog,v 1.3323 2004/04/20 10:10:46 djm Exp $ | 1017 | $Id: ChangeLog,v 1.3324 2004/04/20 10:11:57 djm Exp $ |
diff --git a/readconf.c b/readconf.c index ce0d1f753..096d1a71b 100644 --- a/readconf.c +++ b/readconf.c | |||
| @@ -12,7 +12,7 @@ | |||
| 12 | */ | 12 | */ |
| 13 | 13 | ||
| 14 | #include "includes.h" | 14 | #include "includes.h" |
| 15 | RCSID("$OpenBSD: readconf.c,v 1.128 2004/03/05 10:53:58 markus Exp $"); | 15 | RCSID("$OpenBSD: readconf.c,v 1.129 2004/04/18 23:10:26 djm Exp $"); |
| 16 | 16 | ||
| 17 | #include "ssh.h" | 17 | #include "ssh.h" |
| 18 | #include "xmalloc.h" | 18 | #include "xmalloc.h" |
| @@ -779,7 +779,8 @@ parse_int: | |||
| 779 | */ | 779 | */ |
| 780 | 780 | ||
| 781 | int | 781 | int |
| 782 | read_config_file(const char *filename, const char *host, Options *options) | 782 | read_config_file(const char *filename, const char *host, Options *options, |
| 783 | int checkperm) | ||
| 783 | { | 784 | { |
| 784 | FILE *f; | 785 | FILE *f; |
| 785 | char line[1024]; | 786 | char line[1024]; |
| @@ -787,10 +788,24 @@ read_config_file(const char *filename, const char *host, Options *options) | |||
| 787 | int bad_options = 0; | 788 | int bad_options = 0; |
| 788 | 789 | ||
| 789 | /* Open the file. */ | 790 | /* Open the file. */ |
| 790 | f = fopen(filename, "r"); | 791 | if ((f = fopen(filename, "r")) == NULL) |
| 791 | if (!f) | ||
| 792 | return 0; | 792 | return 0; |
| 793 | 793 | ||
| 794 | if (checkperm) { | ||
| 795 | struct stat sb; | ||
| 796 | |||
| 797 | if (fstat(fileno(f), &sb) == -1) { | ||
| 798 | fatal("fstat %s: %s", filename, strerror(errno)); | ||
| 799 | fclose(f); | ||
| 800 | return (0); | ||
| 801 | } | ||
| 802 | if (((sb.st_uid != 0 && sb.st_uid != getuid()) || | ||
| 803 | (sb.st_mode & 022) != 0)) { | ||
| 804 | fatal("Bad owner or permissions on %s", filename); | ||
| 805 | return 0; | ||
| 806 | } | ||
| 807 | } | ||
| 808 | |||
| 794 | debug("Reading configuration data %.200s", filename); | 809 | debug("Reading configuration data %.200s", filename); |
| 795 | 810 | ||
| 796 | /* | 811 | /* |
diff --git a/readconf.h b/readconf.h index 93d833cee..9d70fee67 100644 --- a/readconf.h +++ b/readconf.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: readconf.h,v 1.60 2004/03/05 10:53:58 markus Exp $ */ | 1 | /* $OpenBSD: readconf.h,v 1.61 2004/04/18 23:10:26 djm Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| @@ -108,7 +108,7 @@ typedef struct { | |||
| 108 | 108 | ||
| 109 | void initialize_options(Options *); | 109 | void initialize_options(Options *); |
| 110 | void fill_default_options(Options *); | 110 | void fill_default_options(Options *); |
| 111 | int read_config_file(const char *, const char *, Options *); | 111 | int read_config_file(const char *, const char *, Options *, int); |
| 112 | 112 | ||
| 113 | int | 113 | int |
| 114 | process_config_line(Options *, const char *, char *, const char *, int, int *); | 114 | process_config_line(Options *, const char *, char *, const char *, int, int *); |
diff --git a/ssh-keysign.c b/ssh-keysign.c index 9e9ebe2f1..e642948a0 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c | |||
| @@ -22,7 +22,7 @@ | |||
| 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 23 | */ | 23 | */ |
| 24 | #include "includes.h" | 24 | #include "includes.h" |
| 25 | RCSID("$OpenBSD: ssh-keysign.c,v 1.15 2004/01/19 21:25:15 markus Exp $"); | 25 | RCSID("$OpenBSD: ssh-keysign.c,v 1.16 2004/04/18 23:10:26 djm Exp $"); |
| 26 | 26 | ||
| 27 | #include <openssl/evp.h> | 27 | #include <openssl/evp.h> |
| 28 | #include <openssl/rand.h> | 28 | #include <openssl/rand.h> |
| @@ -168,7 +168,7 @@ main(int argc, char **argv) | |||
| 168 | /* verify that ssh-keysign is enabled by the admin */ | 168 | /* verify that ssh-keysign is enabled by the admin */ |
| 169 | original_real_uid = getuid(); /* XXX readconf.c needs this */ | 169 | original_real_uid = getuid(); /* XXX readconf.c needs this */ |
| 170 | initialize_options(&options); | 170 | initialize_options(&options); |
| 171 | (void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options); | 171 | (void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options, 0); |
| 172 | fill_default_options(&options); | 172 | fill_default_options(&options); |
| 173 | if (options.enable_ssh_keysign != 1) | 173 | if (options.enable_ssh_keysign != 1) |
| 174 | fatal("ssh-keysign not enabled in %s", | 174 | fatal("ssh-keysign not enabled in %s", |
| @@ -40,7 +40,7 @@ | |||
| 40 | */ | 40 | */ |
| 41 | 41 | ||
| 42 | #include "includes.h" | 42 | #include "includes.h" |
| 43 | RCSID("$OpenBSD: ssh.c,v 1.209 2004/03/11 10:21:17 markus Exp $"); | 43 | RCSID("$OpenBSD: ssh.c,v 1.210 2004/04/18 23:10:26 djm Exp $"); |
| 44 | 44 | ||
| 45 | #include <openssl/evp.h> | 45 | #include <openssl/evp.h> |
| 46 | #include <openssl/err.h> | 46 | #include <openssl/err.h> |
| @@ -526,16 +526,17 @@ again: | |||
| 526 | * file if the user specifies a config file on the command line. | 526 | * file if the user specifies a config file on the command line. |
| 527 | */ | 527 | */ |
| 528 | if (config != NULL) { | 528 | if (config != NULL) { |
| 529 | if (!read_config_file(config, host, &options)) | 529 | if (!read_config_file(config, host, &options, 0), 0) |
| 530 | fatal("Can't open user config file %.100s: " | 530 | fatal("Can't open user config file %.100s: " |
| 531 | "%.100s", config, strerror(errno)); | 531 | "%.100s", config, strerror(errno)); |
| 532 | } else { | 532 | } else { |
| 533 | snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, | 533 | snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, |
| 534 | _PATH_SSH_USER_CONFFILE); | 534 | _PATH_SSH_USER_CONFFILE); |
| 535 | (void)read_config_file(buf, host, &options); | 535 | (void)read_config_file(buf, host, &options, 1); |
| 536 | 536 | ||
| 537 | /* Read systemwide configuration file after use config. */ | 537 | /* Read systemwide configuration file after use config. */ |
| 538 | (void)read_config_file(_PATH_HOST_CONFIG_FILE, host, &options); | 538 | (void)read_config_file(_PATH_HOST_CONFIG_FILE, host, |
| 539 | &options, 0); | ||
| 539 | } | 540 | } |
| 540 | 541 | ||
| 541 | /* Fill configuration defaults. */ | 542 | /* Fill configuration defaults. */ |