1 files changed, 84 insertions, 0 deletions
diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch
new file mode 100644
index 000000000..375a098f9
--- /dev/null
+++ b/debian/patches/user-group-modes.patch
@@ -0,0 +1,84 @@
+Description: Allow harmless group-writability
+ Allow ~/.ssh/config to be group-writable, provided that the group in
+ question contains only the file's owner.  Rejected upstream for IMO
+ incorrect reasons (e.g. a misunderstanding about the contents of
+ gr->gr_mem).  Given that per-user groups and umask 002 are the default
+ setup in Debian (for good reasons - this makes operating in setgid
+ directories with other groups much easier), we need to permit this.
+Author: Colin Watson <cjwatson@debian.org>
+Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347
+Last-Update: 2010-02-27
+Index: b/readconf.c
+===================================================================
+--- a/readconf.c
+++ b/readconf.c
+@@ -28,6 +28,8 @@
+ #include <stdio.h>
+ #include <string.h>
+ #include <unistd.h>
+#include <pwd.h>
+#include <grp.h>
+ 
+ #include "xmalloc.h"
+ #include "ssh.h"
+@@ -1000,11 +1002,30 @@
+ 
+        if (checkperm) {
+                struct stat sb;
+               int bad_modes = 0;
+ 
+                if (fstat(fileno(f), &sb) == -1)
+                        fatal("fstat %s: %s", filename, strerror(errno));
+-               if (((sb.st_uid != 0 && sb.st_uid != getuid()) ||
+-                   (sb.st_mode & 022) != 0))
+               if (sb.st_uid != 0 && sb.st_uid != getuid())
+                       bad_modes = 1;
+               if ((sb.st_mode & 020) != 0) {
+                       /* If the file is group-writable, the group in
+                        * question must have at most one member, namely the
+                        * file's owner.
+                        */
+                       struct passwd *pw = getpwuid(sb.st_uid);
+                       struct group *gr = getgrgid(sb.st_gid);
+                       if (!pw || !gr)
+                               bad_modes = 1;
+                       else if (gr->gr_mem[0]) {
+                               if (strcmp(pw->pw_name, gr->gr_mem[0]) ||
+                                   gr->gr_mem[1])
+                                       bad_modes = 1;
+                       }
+               }
+               if ((sb.st_mode & 002) != 0)
+                       bad_modes = 1;
+               if (bad_modes)
+                        fatal("Bad owner or permissions on %s", filename);
+        }
+ 
+Index: b/ssh.1
+===================================================================
+--- a/ssh.1
+++ b/ssh.1
+@@ -1326,6 +1326,8 @@
+ .Xr ssh_config 5 .
+ Because of the potential for abuse, this file must have strict permissions:
+ read/write for the user, and not accessible by others.
+It may be group-writable provided that the group in question contains only
+the user.
+ .Pp
+ .It ~/.ssh/environment
+ Contains additional definitions for environment variables; see
+Index: b/ssh_config.5
+===================================================================
+--- a/ssh_config.5
+++ b/ssh_config.5
+@@ -1208,6 +1208,8 @@
+ This file is used by the SSH client.
+ Because of the potential for abuse, this file must have strict permissions:
+ read/write for the user, and not accessible by others.
+It may be group-writable provided that the group in question contains only
+the user.
+ .It Pa /etc/ssh/ssh_config
+ Systemwide configuration file.
+ This file provides defaults for those

diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch new file mode 100644 index 000000000..375a098f9 --- /dev/null +++ b/debian/patches/user-group-modes.patch
@@ -0,0 +1,84 @@
	1	Description: Allow harmless group-writability
	2	Allow ~/.ssh/config to be group-writable, provided that the group in
	3	question contains only the file's owner. Rejected upstream for IMO
	4	incorrect reasons (e.g. a misunderstanding about the contents of
	5	gr->gr_mem). Given that per-user groups and umask 002 are the default
	6	setup in Debian (for good reasons - this makes operating in setgid
	7	directories with other groups much easier), we need to permit this.
	8	Author: Colin Watson <cjwatson@debian.org>
	9	Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060
	10	Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347
	11	Last-Update: 2010-02-27
	12
	13	Index: b/readconf.c
	14	===================================================================
	15	--- a/readconf.c
	16	+++ b/readconf.c
	17	@@ -28,6 +28,8 @@
	18	#include <stdio.h>
	19	#include <string.h>
	20	#include <unistd.h>
	21	+#include <pwd.h>
	22	+#include <grp.h>
	23
	24	#include "xmalloc.h"
	25	#include "ssh.h"
	26	@@ -1000,11 +1002,30 @@
	27
	28	if (checkperm) {
	29	struct stat sb;
	30	+ int bad_modes = 0;
	31
	32	if (fstat(fileno(f), &sb) == -1)
	33	fatal("fstat %s: %s", filename, strerror(errno));
	34	- if (((sb.st_uid != 0 && sb.st_uid != getuid()) \|\|
	35	- (sb.st_mode & 022) != 0))
	36	+ if (sb.st_uid != 0 && sb.st_uid != getuid())
	37	+ bad_modes = 1;
	38	+ if ((sb.st_mode & 020) != 0) {
	39	+ /* If the file is group-writable, the group in
	40	+ * question must have at most one member, namely the
	41	+ * file's owner.
	42	+ */
	43	+ struct passwd *pw = getpwuid(sb.st_uid);
	44	+ struct group *gr = getgrgid(sb.st_gid);
	45	+ if (!pw \|\| !gr)
	46	+ bad_modes = 1;
	47	+ else if (gr->gr_mem[0]) {
	48	+ if (strcmp(pw->pw_name, gr->gr_mem[0]) \|\|
	49	+ gr->gr_mem[1])
	50	+ bad_modes = 1;
	51	+ }
	52	+ }
	53	+ if ((sb.st_mode & 002) != 0)
	54	+ bad_modes = 1;
	55	+ if (bad_modes)
	56	fatal("Bad owner or permissions on %s", filename);
	57	}
	58
	59	Index: b/ssh.1
	60	===================================================================
	61	--- a/ssh.1
	62	+++ b/ssh.1
	63	@@ -1326,6 +1326,8 @@
	64	.Xr ssh_config 5 .
	65	Because of the potential for abuse, this file must have strict permissions:
	66	read/write for the user, and not accessible by others.
	67	+It may be group-writable provided that the group in question contains only
	68	+the user.
	69	.Pp
	70	.It ~/.ssh/environment
	71	Contains additional definitions for environment variables; see
	72	Index: b/ssh_config.5
	73	===================================================================
	74	--- a/ssh_config.5
	75	+++ b/ssh_config.5
	76	@@ -1208,6 +1208,8 @@
	77	This file is used by the SSH client.
	78	Because of the potential for abuse, this file must have strict permissions:
	79	read/write for the user, and not accessible by others.
	80	+It may be group-writable provided that the group in question contains only
	81	+the user.
	82	.It Pa /etc/ssh/ssh_config
	83	Systemwide configuration file.
	84	This file provides defaults for those