Diffstat (limited to 'debian/patches/user-group-modes.patch')
-rw-r--r--debian/patches/user-group-modes.patch28
1 files changed, 14 insertions, 14 deletions
diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch
index 1368ccb3c..ddedbf79a 100644
--- a/debian/patches/user-group-modes.patch
+++ b/debian/patches/user-group-modes.patch
@@ -9,7 +9,7 @@ Description: Allow harmless group-writability
9Author: Colin Watson <cjwatson@debian.org> 9Author: Colin Watson <cjwatson@debian.org>
10Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060 10Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060
11Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347 11Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347
12Last-Update: 2010-02-27 12Last-Update: 2013-05-07
13 13
14Index: b/readconf.c 14Index: b/readconf.c
15=================================================================== 15===================================================================
@@ -38,7 +38,7 @@ Index: b/ssh.1
38=================================================================== 38===================================================================
39--- a/ssh.1 39--- a/ssh.1
40+++ b/ssh.1 40+++ b/ssh.1
41@@ -1312,6 +1312,8 @@ 41@@ -1320,6 +1320,8 @@
42 .Xr ssh_config 5 . 42 .Xr ssh_config 5 .
43 Because of the potential for abuse, this file must have strict permissions: 43 Because of the potential for abuse, this file must have strict permissions:
44 read/write for the user, and not accessible by others. 44 read/write for the user, and not accessible by others.
@@ -51,7 +51,7 @@ Index: b/ssh_config.5
51=================================================================== 51===================================================================
52--- a/ssh_config.5 52--- a/ssh_config.5
53+++ b/ssh_config.5 53+++ b/ssh_config.5
54@@ -1342,6 +1342,8 @@ 54@@ -1356,6 +1356,8 @@
55 This file is used by the SSH client. 55 This file is used by the SSH client.
56 Because of the potential for abuse, this file must have strict permissions: 56 Because of the potential for abuse, this file must have strict permissions:
57 read/write for the user, and not accessible by others. 57 read/write for the user, and not accessible by others.
@@ -64,7 +64,7 @@ Index: b/auth.c
64=================================================================== 64===================================================================
65--- a/auth.c 65--- a/auth.c
66+++ b/auth.c 66+++ b/auth.c
67@@ -381,8 +381,7 @@ 67@@ -386,8 +386,7 @@
68 user_hostfile = tilde_expand_filename(userfile, pw->pw_uid); 68 user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
69 if (options.strict_modes && 69 if (options.strict_modes &&
70 (stat(user_hostfile, &st) == 0) && 70 (stat(user_hostfile, &st) == 0) &&
@@ -74,21 +74,21 @@ Index: b/auth.c
74 logit("Authentication refused for %.100s: " 74 logit("Authentication refused for %.100s: "
75 "bad owner or modes for %.200s", 75 "bad owner or modes for %.200s",
76 pw->pw_name, user_hostfile); 76 pw->pw_name, user_hostfile);
77@@ -443,8 +442,7 @@ 77@@ -449,8 +448,7 @@
78 78 snprintf(err, errlen, "%s is not a regular file", buf);
79 /* check the open file to avoid races */ 79 return -1;
80 if (fstat(fileno(f), &st) < 0 || 80 }
81- (st.st_uid != 0 && st.st_uid != uid) || 81- if ((!platform_sys_dir_uid(stp->st_uid) && stp->st_uid != uid) ||
82- (st.st_mode & 022) != 0) { 82- (stp->st_mode & 022) != 0) {
83+ !secure_permissions(&st, uid)) { 83+ if (!secure_permissions(stp, uid)) {
84 snprintf(err, errlen, "bad ownership or modes for file %s", 84 snprintf(err, errlen, "bad ownership or modes for file %s",
85 buf); 85 buf);
86 return -1; 86 return -1;
87@@ -459,8 +457,7 @@ 87@@ -465,8 +463,7 @@
88 strlcpy(buf, cp, sizeof(buf)); 88 strlcpy(buf, cp, sizeof(buf));
89 89
90 if (stat(buf, &st) < 0 || 90 if (stat(buf, &st) < 0 ||
91- (st.st_uid != 0 && st.st_uid != uid) || 91- (!platform_sys_dir_uid(st.st_uid) && st.st_uid != uid) ||
92- (st.st_mode & 022) != 0) { 92- (st.st_mode & 022) != 0) {
93+ !secure_permissions(&st, uid)) { 93+ !secure_permissions(&st, uid)) {
94 snprintf(err, errlen, 94 snprintf(err, errlen,
@@ -115,7 +115,7 @@ Index: b/misc.c
115 int 115 int
116+secure_permissions(struct stat *st, uid_t uid) 116+secure_permissions(struct stat *st, uid_t uid)
117+{ 117+{
118+ if (st->st_uid != 0 && st->st_uid != uid) 118+ if (!platform_sys_dir_uid(st->st_uid) && st->st_uid != uid)
119+ return 0; 119+ return 0;
120+ if ((st->st_mode & 002) != 0) 120+ if ((st->st_mode & 002) != 0)
121+ return 0; 121+ return 0;
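Review bot: secure_permissions() in the misc.c part of the patch has no comment stating its contract, yet both auth.c call sites now rely on it in place of the explicit `(st_mode & 022) != 0` tests, so a reader of auth.c cannot tell that group-write is no longer rejected outright. I would add above the definition something like `/* Returns nonzero if st is owned by uid or by a platform system-directory uid and is not world-writable; group-writable entries pass only under the conditions checked below. Returns 0 otherwise. */`. The wording needs to be matched to the rest of the body, which continues outside this hunk, so the group-write condition is inferred from the patch description rather than seen here. The visible lines only read through `st`, so the parameter could also be declared `const struct stat *st` if the remainder of the function allows it.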