-rw-r--r--debian/changelog2
-rw-r--r--readconf.c23
2 files changed, 23 insertions, 2 deletions
diff --git a/debian/changelog b/debian/changelog
index 94334d2c6..20efb8980 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,6 +7,8 @@ openssh (1:4.1p1-5) UNRELEASED; urgency=low
7 * Ship README.dns (closes: #284874). 7 * Ship README.dns (closes: #284874).
8 * Disable btmp logging, since Debian's /var/log/btmp has inappropriate 8 * Disable btmp logging, since Debian's /var/log/btmp has inappropriate
9 permissions (closes: #314956). 9 permissions (closes: #314956).
10 * Allow ~/.ssh/config to be group-writable, provided that the group in
11 question contains only the file's owner (closes: #314347).
10 * debconf template translations: 12 * debconf template translations:
11 - Update Brazilian Portuguese (thanks, André Luís Lopes; 13 - Update Brazilian Portuguese (thanks, André Luís Lopes;
12 closes: #315477). 14 closes: #315477).
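--- a/readconf.c
+++ b/readconf.c
@@ -851,11 +851,30 @@ read_config_file(const char *filename, const char *host, Options *options,
 
 	if (checkperm) {
 		struct stat sb;
+		int bad_modes = 0;
 
 		if (fstat(fileno(f), &sb) == -1)
 			fatal("fstat %s: %s", filename, strerror(errno));
-		if (((sb.st_uid != 0 && sb.st_uid != getuid()) ||
-		    (sb.st_mode & 022) != 0))
+		if (sb.st_uid != 0 && sb.st_uid != getuid())
+			bad_modes = 1;
+		if ((sb.st_mode & 020) != 0) {
+			/* If the file is group-writable, the group in
+			 * question must have at most one member, namely the
+			 * file's owner.
+			 */
+			struct passwd *pw = getpwuid(sb.st_uid);
+			struct group *gr = getgrgid(sb.st_gid);
+			if (!pw || !gr)
+				bad_modes = 1;
+			else if (gr->gr_mem[0]) {
+				if (strcmp(pw->pw_name, gr->gr_mem[0]) ||
+				    gr->gr_mem[1])
+					bad_modes = 1;
+			}
+		}
+		if ((sb.st_mode & 002) != 0)
+			bad_modes = 1;
+		if (bad_modes)
 			fatal("Bad owner or permissions on %s", filename);
 	}
 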
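Review bot: The group-writable branch (new lines 860-874) only inspects the explicit member list gr->gr_mem, but accounts whose primary gid in the passwd database is sb.st_gid are not listed there, so a group with an empty gr_mem passes even when many accounts use it as their primary group (a shared "users"-style group is the typical case). The check therefore enforces the stated "only the owner" property only under a user-private-group convention, and the comment should say so, e.g. `/* Heuristic: primary-group members are not listed in gr_mem, so this assumes a user-private-group setup. */`. A cheap tightening is to additionally require the group to be the owner's own primary group, `else if (sb.st_gid != pw->pw_gid) bad_modes = 1;` before the gr_mem test, though that still cannot exclude other accounts sharing that primary gid without scanning the passwd database. Note also that getpwuid()/getgrgid() return NULL on lookup errors as well as on absence, which the code conservatively treats as bad modes. The enclosing read_config_file() starts before this hunk.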