From 57a4476a69e1d64d051b766b0ac9c9c3ef496864 Mon Sep 17 00:00:00 2001
From: Damien Miller
Date: Tue, 20 Apr 2004 20:11:57 +1000
Subject: - djm@cvs.openbsd.org 2004/04/18 23:10:26 [readconf.c readconf.h ssh-keysign.c ssh.c] perform strict ownership and modes checks for ~/.ssh/config files, as these can be used to execute arbitrary programs; ok markus@ NB. ssh will now exit when it detects a config with poor permissions
---
 ssh.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
(limited to 'ssh.c')
diff --git a/ssh.c b/ssh.c
index e655e68da..53d7f0f56 100644
--- a/ssh.c
+++ b/ssh.c
@@ -40,7 +40,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.209 2004/03/11 10:21:17 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.210 2004/04/18 23:10:26 djm Exp $");
 #include
 #include
@@ -526,16 +526,17 @@ again:
 * file if the user specifies a config file on the command line.
 */
 if (config != NULL) {
- if (!read_config_file(config, host, &options))
+ if (!read_config_file(config, host, &options, 0), 0)
 fatal("Can't open user config file %.100s: "
 "%.100s", config, strerror(errno));
 } else {
 snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir,
 _PATH_SSH_USER_CONFFILE);
- (void)read_config_file(buf, host, &options);
+ (void)read_config_file(buf, host, &options, 1);
 /* Read systemwide configuration file after use config. */
- (void)read_config_file(_PATH_HOST_CONFIG_FILE, host, &options);
+ (void)read_config_file(_PATH_HOST_CONFIG_FILE, host,
+ &options, 0);
 }
 /* Fill configuration defaults. */
-- cgit v1.2.3
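Review bot: In the `config != NULL` branch the new condition is written `if (!read_config_file(config, host, &options, 0), 0)`, a comma expression whose value is always 0, so the `fatal("Can't open user config file ...")` beneath it can never run. A config file named on the command line that cannot be opened would then be skipped silently and ssh would carry on with whatever other settings apply, instead of failing closed as the old code did. The closing parenthesis looks misplaced; the line should read `if (!read_config_file(config, host, &options, 0))`. The fourth argument is presumably the ownership/mode check flag from the commit message (it is 1 only for the per-user file here, and its definition in readconf.c is not on this page), so a comment such as `/* perms checked only for ~/.ssh/config; -F and system files are exempt */` at these call sites would record why the other two pass 0. The enclosing function starts and ends outside the hunk.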