Synopsis: Add a feature to OpenSSH sftp-server(8) that allows overriding file
modes provided by an SFTP client.
Category: enhancement
Environment:
System : OpenBSD 5.3
Details : OpenBSD 5.3 (GENERIC) #53: Tue Mar 12 18:15:44 MDT 2013
[email protected]:/usr/src/sys/arch/amd64/compile/GENERIC
Architecture: OpenBSD.amd64
Machine : amd64
Description:
OpenSSH's sftp-server does not provide a way of overriding the file
permissions sent to it by a client for an SSH2_FXP_OPEN or SSH2_FXP_MKDIR. An
SFTP client that sends over any set of permissions, even insane ones like
0757, will be allowed to do so. There are cases where it would be quite
helpful to scrub file permissions, and I've attached a patch against CURRENT's
usr.bin/ssh/sftp-server.c that does so.
How-To-Repeat:
Set insane permissions on a file. SFTP it somewhere.
Fix:
See the attached patch. It adds a -M flag to sftp-server(8) which overrides
received file modes.
[demime 1.01d removed an attachment of type application/octet-stream which had
a name of sftp_server_mode_override.patch]
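
The behaviour described in the report, as an added example that is not the attached patch (the archive did not keep it): C code that reads the permissions field from an SFTP version 3 ATTRS block, as carried in SSH2_FXP_OPEN and SSH2_FXP_MKDIR, and applies a server-side mode override. The function names, the caller-supplied fallback mode and the replace-outright override policy are assumptions; the report does not show how -M is implemented.

```c
#include <stddef.h>
#include <stdint.h>

/* ATTRS flag bits from SFTP protocol version 3 */
#define SSH2_FILEXFER_ATTR_SIZE        0x00000001u
#define SSH2_FILEXFER_ATTR_UIDGID      0x00000002u
#define SSH2_FILEXFER_ATTR_PERMISSIONS 0x00000004u

/* Constructed sample: flags = PERMISSIONS only, permissions = 0757 (0x1ef) */
const unsigned char sample_attrs[8] = { 0, 0, 0, 4, 0, 0, 0x01, 0xef };

static uint32_t get_u32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
        ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/*
 * Extract the client-requested mode from a wire-format ATTRS block.
 * Returns 0 with *perm set, 1 if the client sent no permissions,
 * -1 if the block is too short for the fields its flags announce.
 */
int attrs_permissions(const unsigned char *buf, size_t len, uint32_t *perm)
{
    size_t off = 4;             /* skip the flags word itself */
    uint32_t flags;

    if (len < 4)
        return -1;
    flags = get_u32(buf);
    if (flags & SSH2_FILEXFER_ATTR_SIZE)
        off += 8;               /* uint64 size precedes permissions */
    if (flags & SSH2_FILEXFER_ATTR_UIDGID)
        off += 8;               /* uint32 uid + uint32 gid */
    if (!(flags & SSH2_FILEXFER_ATTR_PERMISSIONS))
        return 1;
    if (len < off + 4)
        return -1;
    *perm = get_u32(buf + off);
    return 0;
}

/*
 * Hypothetical policy: when the administrator configured an override
 * (override != NULL), the client's mode is ignored entirely.
 * Returns -1 for a malformed request so the caller can reject it.
 */
int effective_mode(const unsigned char *attrs, size_t len, uint32_t fallback,
    const uint32_t *override, uint32_t *mode)
{
    uint32_t perm = fallback;   /* used when the client sent no mode */

    if (attrs_permissions(attrs, len, &perm) < 0)
        return -1;
    *mode = (override != NULL ? *override : perm) & 07777;
    return 0;
}
```

Without an override the sample request yields 0757, the mode the report calls insane; with one configured, the client's value never reaches open(2) or mkdir(2).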