1 files changed, 68 insertions, 1 deletions
diff --git a/misc.c b/misc.c
index c3c809943..eb57bfc1b 100644
--- a/misc.c
+++ b/misc.c
@@ -48,8 +48,9 @@
 #include <netdb.h>
 #ifdef HAVE_PATHS_H
 # include <paths.h>
-#include <pwd.h>
 #endif
+#include <pwd.h>
+#include <grp.h>
 #ifdef SSH_TUN_OPENBSD
 #include <net/if.h>
 #endif
@@ -58,6 +59,7 @@
 #include "misc.h"
 #include "log.h"
 #include "ssh.h"
+#include "platform.h"
 /* remove newline at end of string */
 char *
@@ -642,6 +644,71 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz,
        return -1;
 }
+/*
+ * return 1 if the specified uid is a uid that may own a system directory
+ * otherwise 0.
+ */
+int
+platform_sys_dir_uid(uid_t uid)
+{
+        if (uid == 0)
+                return 1;
+#ifdef PLATFORM_SYS_DIR_UID
+        if (uid == PLATFORM_SYS_DIR_UID)
+                return 1;
+#endif
+        return 0;
+}
+int
+secure_permissions(struct stat *st, uid_t uid)
+{
+        if (!platform_sys_dir_uid(st->st_uid) && st->st_uid != uid)
+                return 0;
+        if ((st->st_mode & 002) != 0)
+                return 0;
+        if ((st->st_mode & 020) != 0) {
+                /* If the file is group-writable, the group in question must
+                 * have exactly one member, namely the file's owner.
+                 * (Zero-member groups are typically used by setgid
+                 * binaries, and are unlikely to be suitable.)
+                 */
+                struct passwd *pw;
+                struct group *gr;
+                int members = 0;
+                gr = getgrgid(st->st_gid);
+                if (!gr)
+                        return 0;
+                /* Check primary group memberships. */
+                while ((pw = getpwent()) != NULL) {
+                        if (pw->pw_gid == gr->gr_gid) {
+                                ++members;
+                                if (pw->pw_uid != uid)
+                                        return 0;
+                        }
+                }
+                endpwent();
+                pw = getpwuid(st->st_uid);
+                if (!pw)
+                        return 0;
+                /* Check supplementary group memberships. */
+                if (gr->gr_mem[0]) {
+                        ++members;
+                        if (strcmp(pw->pw_name, gr->gr_mem[0]) ||
+                            gr->gr_mem[1])
+                                return 0;
+                }
+                if (!members)
+                        return 0;
+        }
+        return 1;
+}
 int
 tun_open(int tun, int mode)
 {

diff --git a/misc.c b/misc.c index c3c809943..eb57bfc1b 100644 --- a/misc.c +++ b/misc.c
@@ -48,8 +48,9 @@
48	#include <netdb.h>	48	#include <netdb.h>
49	#ifdef HAVE_PATHS_H	49	#ifdef HAVE_PATHS_H
50	# include <paths.h>	50	# include <paths.h>
51	#include <pwd.h>
52	#endif	51	#endif
		52	#include <pwd.h>
		53	#include <grp.h>
53	#ifdef SSH_TUN_OPENBSD	54	#ifdef SSH_TUN_OPENBSD
54	#include <net/if.h>	55	#include <net/if.h>
55	#endif	56	#endif
@@ -58,6 +59,7 @@
58	#include "misc.h"	59	#include "misc.h"
59	#include "log.h"	60	#include "log.h"
60	#include "ssh.h"	61	#include "ssh.h"
		62	#include "platform.h"
61		63
62	/* remove newline at end of string */	64	/* remove newline at end of string */
63	char *	65	char *
@@ -642,6 +644,71 @@ read_keyfile_line(FILE f, const char filename, char *buf, size_t bufsz,
642	return -1;	644	return -1;
643	}	645	}
644		646
		647	/*
		648	* return 1 if the specified uid is a uid that may own a system directory
		649	* otherwise 0.
		650	*/
		651	int
		652	platform_sys_dir_uid(uid_t uid)
		653	{
		654	if (uid == 0)
		655	return 1;
		656	#ifdef PLATFORM_SYS_DIR_UID
		657	if (uid == PLATFORM_SYS_DIR_UID)
		658	return 1;
		659	#endif
		660	return 0;
		661	}
		662
		663	int
		664	secure_permissions(struct stat *st, uid_t uid)
		665	{
		666	if (!platform_sys_dir_uid(st->st_uid) && st->st_uid != uid)
		667	return 0;
		668	if ((st->st_mode & 002) != 0)
		669	return 0;
		670	if ((st->st_mode & 020) != 0) {
		671	/* If the file is group-writable, the group in question must
		672	* have exactly one member, namely the file's owner.
		673	* (Zero-member groups are typically used by setgid
		674	* binaries, and are unlikely to be suitable.)
		675	*/
		676	struct passwd *pw;
		677	struct group *gr;
		678	int members = 0;
		679
		680	gr = getgrgid(st->st_gid);
		681	if (!gr)
		682	return 0;
		683
		684	/* Check primary group memberships. */
		685	while ((pw = getpwent()) != NULL) {
		686	if (pw->pw_gid == gr->gr_gid) {
		687	++members;
		688	if (pw->pw_uid != uid)
		689	return 0;
		690	}
		691	}
		692	endpwent();
		693
		694	pw = getpwuid(st->st_uid);
		695	if (!pw)
		696	return 0;
		697
		698	/* Check supplementary group memberships. */
		699	if (gr->gr_mem[0]) {
		700	++members;
		701	if (strcmp(pw->pw_name, gr->gr_mem[0]) \|\|
		702	gr->gr_mem[1])
		703	return 0;
		704	}
		705
		706	if (!members)
		707	return 0;
		708	}
		709	return 1;
		710	}
		711
645	int	712	int
646	tun_open(int tun, int mode)	713	tun_open(int tun, int mode)
647	{	714	{