Diffstat (limited to 'debian/patches/user-group-modes.patch')
-rw-r--r-- | debian/patches/user-group-modes.patch | 40 |
1 files changed, 21 insertions, 19 deletions
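--- a/debian/patches/user-group-modes.patch
+++ b/debian/patches/user-group-modes.patch
@@ -1,4 +1,4 @@
-From 563974a78e937c4844e1198b5f6d79b8b2b5c600 Mon Sep 17 00:00:00 2001
+From df060c830ad66289a93be24268f3f70e7021be29 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:09:58 +0000
 Subject: Allow harmless group-writability
@@ -28,10 +28,10 @@ Patch-Name: user-group-modes.patch
 8 files changed, 80 insertions(+), 29 deletions(-)
 
 diff --git a/auth-rhosts.c b/auth-rhosts.c
-index 0ef3447..c17c13c 100644
+index ecf956f0..4dccd5e6 100644
 --- a/auth-rhosts.c
 +++ b/auth-rhosts.c
-@@ -273,8 +273,7 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam
+@@ -261,8 +261,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
 return 0;
 }
 if (options.strict_modes &&
@@ -41,7 +41,7 @@ index 0ef3447..c17c13c 100644
 logit("Rhosts authentication refused for %.100s: "
 "bad ownership or modes for home directory.", pw->pw_name);
 auth_debug_add("Rhosts authentication refused for %.100s: "
-@@ -300,8 +299,7 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam
+@@ -288,8 +287,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
 * allowing access to their account by anyone.
 */
 if (options.strict_modes &&
@@ -52,10 +52,10 @@ index 0ef3447..c17c13c 100644
 pw->pw_name, buf);
 auth_debug_add("Bad file modes for %.200s", buf);
 diff --git a/auth.c b/auth.c
-index f56dcc6..3f8b348 100644
+index c6390687..90390724 100644
 --- a/auth.c
 +++ b/auth.c
-@@ -435,8 +435,7 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
+@@ -444,8 +444,7 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
 user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
 if (options.strict_modes &&
 (stat(user_hostfile, &st) == 0) &&
@@ -65,7 +65,7 @@ index f56dcc6..3f8b348 100644
 logit("Authentication refused for %.100s: "
 "bad owner or modes for %.200s",
 pw->pw_name, user_hostfile);
-@@ -498,8 +497,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
+@@ -507,8 +506,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
 snprintf(err, errlen, "%s is not a regular file", buf);
 return -1;
 }
@@ -75,7 +75,7 @@ index f56dcc6..3f8b348 100644
 snprintf(err, errlen, "bad ownership or modes for file %s",
 buf);
 return -1;
-@@ -514,8 +512,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
+@@ -523,8 +521,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
 strlcpy(buf, cp, sizeof(buf));
 
 if (stat(buf, &st) < 0 ||
@@ -86,7 +86,7 @@ index f56dcc6..3f8b348 100644
 "bad ownership or modes for directory %s", buf);
 return -1;
 diff --git a/misc.c b/misc.c
-index 9421b4d..68efb2b 100644
+index 65c9222a..bf9153a6 100644
 --- a/misc.c
 +++ b/misc.c
 @@ -51,8 +51,9 @@
@@ -181,21 +181,23 @@ index 9421b4d..68efb2b 100644
 tun_open(int tun, int mode)
 {
 diff --git a/misc.h b/misc.h
-index 7c76a6a..42cd95e 100644
+index c242f901..8b223b55 100644
 --- a/misc.h
 +++ b/misc.h
-@@ -139,4 +139,6 @@ char *read_passphrase(const char *, int);
+@@ -143,6 +143,8 @@ char *read_passphrase(const char *, int);
 int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
 int read_keyfile_line(FILE *, const char *, char *, size_t, u_long *);
 
 +int secure_permissions(struct stat *st, uid_t uid);
 +
-#endif /* _MISC_H */
+#define MINIMUM(a, b) (((a) < (b)) ? (a) : (b))
+#define MAXIMUM(a, b) (((a) > (b)) ? (a) : (b))
+#define ROUNDUP(x, y) ((((x)+((y)-1))/(y))*(y))
 diff --git a/platform.c b/platform.c
-index 4831706..2ce4dbf 100644
+index cd7bf566..380ee3a4 100644
 --- a/platform.c
 +++ b/platform.c
-@@ -199,19 +199,3 @@ platform_krb5_get_principal_name(const char *pw_name)
+@@ -197,19 +197,3 @@ platform_krb5_get_principal_name(const char *pw_name)
 return NULL;
 #endif
 }
@@ -216,10 +218,10 @@ index 4831706..2ce4dbf 100644
 - return 0;
 -}
 diff --git a/readconf.c b/readconf.c
-index 3a6c67b..f6b4c8f 100644
+index 3efba242..c02cdf63 100644
 --- a/readconf.c
 +++ b/readconf.c
-@@ -1753,8 +1753,7 @@ read_config_file_depth(const char *filename, struct passwd *pw,
+@@ -1752,8 +1752,7 @@ read_config_file_depth(const char *filename, struct passwd *pw,
 
 if (fstat(fileno(f), &sb) == -1)
 fatal("fstat %s: %s", filename, strerror(errno));
@@ -230,7 +232,7 @@ index 3a6c67b..f6b4c8f 100644
 }
 
 diff --git a/ssh.1 b/ssh.1
-index 4011c65..feef81a 100644
+index 4011c65a..feef81a5 100644
 --- a/ssh.1
 +++ b/ssh.1
 @@ -1484,6 +1484,8 @@ The file format and configuration options are described in
@@ -243,10 +245,10 @@ index 4011c65..feef81a 100644
 .It Pa ~/.ssh/environment
 Contains additional definitions for environment variables; see
 diff --git a/ssh_config.5 b/ssh_config.5
-index efc265a..5dd26bc 100644
+index 32fd100d..f62ea6b8 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
-@@ -1903,6 +1903,8 @@ The format of this file is described above.
+@@ -1803,6 +1803,8 @@ The format of this file is described above.
 This file is used by the SSH client.
 Because of the potential for abuse, this file must have strict permissions:
 read/write for the user, and not accessible by others.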
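Review bot: The prototype `int secure_permissions(struct stat *st, uid_t uid);` carried in the misc.h hunk has no comment saying which return value means "acceptable", yet the StrictModes sites this patch touches in auth-rhosts.c, auth.c and readconf.c all depend on that convention. A one-line comment above it would help, for example `/* Shared owner/mode test for the StrictModes checks; see misc.c for the return convention and the group-writability rule. */`, and the parameter could be `const struct stat *st` if the implementation only reads it (its body is outside the visible hunks). Separately, the hunk contexts moved from `auth_rhosts2_raw` to `auth_rhosts2`, so upstream appears to have restructured this code. Any ownership or mode test added upstream since the previous refresh would not be routed through the helper and would behave differently from the converted sites, so the list of call sites is worth re-checking against the new base.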