From 7e1323102b1b04eef391b01e180710a2d408a7ab Mon Sep 17 00:00:00 2001
From: "dtucker@openbsd.org" <dtucker@openbsd.org>
Date: Thu, 23 Jan 2020 03:42:41 +0000
Subject: upstream: Check for and warn about StrictModes permission problems.
 ok tb@

OpenBSD-Regress-ID: 4841704ccdee50ee7efc6035bc686695c6ac2991
---
 regress/test-exec.sh | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/regress/test-exec.sh b/regress/test-exec.sh
index b448192e1..c26e47f7f 100644
--- a/regress/test-exec.sh
+++ b/regress/test-exec.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: test-exec.sh,v 1.70 2020/01/21 08:06:27 djm Exp $
+#	$OpenBSD: test-exec.sh,v 1.71 2020/01/23 03:42:41 dtucker Exp $
 #	Placed in the Public Domain.
 
 #SUDO=sudo
@@ -444,6 +444,29 @@ EOF
 # be abused to locally escalate privileges.
 if [ ! -z "$TEST_SSH_UNSAFE_PERMISSIONS" ]; then
 	echo "StrictModes no" >> $OBJ/sshd_config
+else
+	# check and warn if excessive permissions are likely to cause failures.
+	unsafe=""
+	dir="${OBJ}"
+	while test ${dir} != "/"; do
+		perms=`ls -ld ${dir}`
+		case "${perms}" in
+			?????w????*|????????w?*) unsafe="${unsafe} ${dir}" ;;
+		esac
+		dir=`dirname ${dir}`
+	done
+	if ! test  -z "${unsafe}"; then
+		cat <<EOD
+
+WARNING: Unsafe (group or world writable) directory permissions found:
+${unsafe}
+
+These could be abused to locally escalate privileges.  If you are
+sure that this is not a risk (eg there are no other users), you can
+bypass this check by setting TEST_SSH_UNSAFE_PERMISSIONS=1
+
+EOD
+	fi
 fi
 
 if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then
-- 
cgit v1.2.3