diff options
| author |   djm <djm@openbsd.org> | 2004-04-18 23:10:26 +0000 |
|---|---|---|
| committer | djm <djm@openbsd.org> | 2004-04-18 23:10:26 +0000 |
| commit | 8de77409f1be007789f4be4d5369d248d5dc4bbe (patch) | |
| tree | d2d848d0a96d2040ab30025dc6c5351de0199c5c /usr.bin/ssh/ssh-keysign.c | |
| parent | ... and do not pass a NULL map to uvm_fault() either. (diff) | |
| download | wireguard-openbsd-8de77409f1be007789f4be4d5369d248d5dc4bbe.tar.xz wireguard-openbsd-8de77409f1be007789f4be4d5369d248d5dc4bbe.zip | |
perform strict ownership and modes checks for ~/.ssh/config files, as these
can be used to execute arbitrary programs; ok markus@
NB. ssh will now exit when it detects a config with poor permissions
Diffstat (limited to 'usr.bin/ssh/ssh-keysign.c')
| -rw-r--r-- | usr.bin/ssh/ssh-keysign.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/usr.bin/ssh/ssh-keysign.c b/usr.bin/ssh/ssh-keysign.c index 04650dcb2d0..00bd046fdf6 100644 --- a/usr.bin/ssh/ssh-keysign.c +++ b/usr.bin/ssh/ssh-keysign.c @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: ssh-keysign.c,v 1.15 2004/01/19 21:25:15 markus Exp $"); +RCSID("$OpenBSD: ssh-keysign.c,v 1.16 2004/04/18 23:10:26 djm Exp $"); #include <openssl/evp.h> #include <openssl/rand.h> @@ -158,7 +158,7 @@ main(int argc, char **argv) /* verify that ssh-keysign is enabled by the admin */ original_real_uid = getuid(); /* XXX readconf.c needs this */ initialize_options(&options); - (void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options); + (void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options, 0); fill_default_options(&options); if (options.enable_ssh_keysign != 1) fatal("ssh-keysign not enabled in %s", |