diff options
| author |   djm <djm@openbsd.org> | 2004-04-18 23:10:26 +0000 |
|---|---|---|
| committer | djm <djm@openbsd.org> | 2004-04-18 23:10:26 +0000 |
| commit | 8de77409f1be007789f4be4d5369d248d5dc4bbe (patch) | |
| tree | d2d848d0a96d2040ab30025dc6c5351de0199c5c /usr.bin/ssh/ssh.c | |
| parent | ... and do not pass a NULL map to uvm_fault() either. (diff) | |
| download | wireguard-openbsd-8de77409f1be007789f4be4d5369d248d5dc4bbe.tar.xz wireguard-openbsd-8de77409f1be007789f4be4d5369d248d5dc4bbe.zip | |
perform strict ownership and modes checks for ~/.ssh/config files, as these
can be used to execute arbitrary programs; ok markus@
NB. ssh will now exit when it detects a config with poor permissions
Diffstat (limited to 'usr.bin/ssh/ssh.c')
| -rw-r--r-- | usr.bin/ssh/ssh.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index 48092e10b11..4f0c4e1cbb3 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.209 2004/03/11 10:21:17 markus Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.210 2004/04/18 23:10:26 djm Exp $"); #include <openssl/evp.h> #include <openssl/err.h> @@ -517,16 +517,17 @@ again: * file if the user specifies a config file on the command line. */ if (config != NULL) { - if (!read_config_file(config, host, &options)) + if (!read_config_file(config, host, &options, 0), 0) fatal("Can't open user config file %.100s: " "%.100s", config, strerror(errno)); } else { snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, _PATH_SSH_USER_CONFFILE); - (void)read_config_file(buf, host, &options); + (void)read_config_file(buf, host, &options, 1); /* Read systemwide configuration file after use config. */ - (void)read_config_file(_PATH_HOST_CONFIG_FILE, host, &options); + (void)read_config_file(_PATH_HOST_CONFIG_FILE, host, + &options, 0); } /* Fill configuration defaults. */ |