summaryrefslogtreecommitdiff
path: root/backport-openssh-6.6p1-keyperm.patch
diff options
context:
space:
mode:
Diffstat (limited to 'backport-openssh-6.6p1-keyperm.patch')
-rw-r--r--backport-openssh-6.6p1-keyperm.patch32
1 files changed, 32 insertions, 0 deletions
diff --git a/backport-openssh-6.6p1-keyperm.patch b/backport-openssh-6.6p1-keyperm.patch
new file mode 100644
index 0000000..c243707
--- /dev/null
+++ b/backport-openssh-6.6p1-keyperm.patch
@@ -0,0 +1,32 @@
+diff -up openssh-8.2p1/authfile.c.keyperm openssh-8.2p1/authfile.c
+--- openssh-8.2p1/authfile.c.keyperm 2020-02-14 01:40:54.000000000 +0100
++++ openssh-8.2p1/authfile.c 2020-02-17 11:55:12.841729758 +0100
+Reference:https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/backport-openssh-6.6p1-keyperm.patch
+@@ -31,6 +31,7 @@
+
+ #include <errno.h>
+ #include <fcntl.h>
++#include <grp.h>
+ #include <stdio.h>
+ #include <stdarg.h>
+ #include <stdlib.h>
+@@ -101,7 +102,19 @@ sshkey_perm_ok(int fd, const char *filen
+ #ifdef HAVE_CYGWIN
+ if (check_ntsec(filename))
+ #endif
++
+ if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) {
++ if (st.st_mode & 040) {
++ struct group *gr;
++
++ if ((gr = getgrnam("ssh_keys")) && (st.st_gid == gr->gr_gid)) {
++ /* The only additional bit is read
++ * for ssh_keys group, which is fine */
++ if ((st.st_mode & 077) == 040 ) {
++ return 0;
++ }
++ }
++ }
+ error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
+ error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @");
+ error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-29 18:41:06 +0000