diff options
Diffstat (limited to 'regress/test-exec.sh')
| -rw-r--r-- | regress/test-exec.sh | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/regress/test-exec.sh b/regress/test-exec.sh index b448192e1..c26e47f7f 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: test-exec.sh,v 1.70 2020/01/21 08:06:27 djm Exp $ | 1 | # $OpenBSD: test-exec.sh,v 1.71 2020/01/23 03:42:41 dtucker Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | #SUDO=sudo | 4 | #SUDO=sudo |
| @@ -444,6 +444,29 @@ EOF | |||
| 444 | # be abused to locally escalate privileges. | 444 | # be abused to locally escalate privileges. |
| 445 | if [ ! -z "$TEST_SSH_UNSAFE_PERMISSIONS" ]; then | 445 | if [ ! -z "$TEST_SSH_UNSAFE_PERMISSIONS" ]; then |
| 446 | echo "StrictModes no" >> $OBJ/sshd_config | 446 | echo "StrictModes no" >> $OBJ/sshd_config |
| 447 | else | ||
| 448 | # check and warn if excessive permissions are likely to cause failures. | ||
| 449 | unsafe="" | ||
| 450 | dir="${OBJ}" | ||
| 451 | while test ${dir} != "/"; do | ||
| 452 | perms=`ls -ld ${dir}` | ||
| 453 | case "${perms}" in | ||
| 454 | ?????w????*|????????w?*) unsafe="${unsafe} ${dir}" ;; | ||
| 455 | esac | ||
| 456 | dir=`dirname ${dir}` | ||
| 457 | done | ||
| 458 | if ! test -z "${unsafe}"; then | ||
| 459 | cat <<EOD | ||
| 460 | |||
| 461 | WARNING: Unsafe (group or world writable) directory permissions found: | ||
| 462 | ${unsafe} | ||
| 463 | |||
| 464 | These could be abused to locally escalate privileges. If you are | ||
| 465 | sure that this is not a risk (eg there are no other users), you can | ||
| 466 | bypass this check by setting TEST_SSH_UNSAFE_PERMISSIONS=1 | ||
| 467 | |||
| 468 | EOD | ||
| 469 | fi | ||
| 447 | fi | 470 | fi |
| 448 | 471 | ||
| 449 | if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then | 472 | if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then |