summaryrefslogtreecommitdiff
path: root/readconf.c
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2004-04-20 20:11:57 +1000
committerDamien Miller <djm@mindrot.org>2004-04-20 20:11:57 +1000
commit57a4476a69e1d64d051b766b0ac9c9c3ef496864 (patch)
treef49bfcdc2e5d23d88d5dd45462a1ad966dc16b9c /readconf.c
parent1824c071abc61b6a70cd0a077b957bd6e0c80cde (diff)
- djm@cvs.openbsd.org 2004/04/18 23:10:26
[readconf.c readconf.h ssh-keysign.c ssh.c] perform strict ownership and modes checks for ~/.ssh/config files, as these can be used to execute arbitrary programs; ok markus@ NB. ssh will now exit when it detects a config with poor permissions
Diffstat (limited to 'readconf.c')
-rw-r--r--readconf.c23
1 files changed, 19 insertions, 4 deletions
diff --git a/readconf.c b/readconf.c
index ce0d1f75..096d1a71 100644
--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.128 2004/03/05 10:53:58 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.129 2004/04/18 23:10:26 djm Exp $");
#include "ssh.h"
#include "xmalloc.h"
@@ -779,7 +779,8 @@ parse_int:
*/
int
-read_config_file(const char *filename, const char *host, Options *options)
+read_config_file(const char *filename, const char *host, Options *options,
+ int checkperm)
{
FILE *f;
char line[1024];
@@ -787,10 +788,24 @@ read_config_file(const char *filename, const char *host, Options *options)
int bad_options = 0;
/* Open the file. */
- f = fopen(filename, "r");
- if (!f)
+ if ((f = fopen(filename, "r")) == NULL)
return 0;
+ if (checkperm) {
+ struct stat sb;
+
+ if (fstat(fileno(f), &sb) == -1) {
+ fatal("fstat %s: %s", filename, strerror(errno));
+ fclose(f);
+ return (0);
+ }
+ if (((sb.st_uid != 0 && sb.st_uid != getuid()) ||
+ (sb.st_mode & 022) != 0)) {
+ fatal("Bad owner or permissions on %s", filename);
+ return 0;
+ }
+ }
+
debug("Reading configuration data %.200s", filename);
/*