[
https://issues.apache.org/jira/browse/SSHD-584?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15013427#comment-15013427
]
Goldstein Lyor commented on SSHD-584:
-------------------------------------
Actually, it seems we are *both* right (and so is the Wiki) even according to
the reply you had:
{quote}
As far as I'm aware, none of the developers have anything to do with the wiki
page. The man pages should describe the correct behaviour and the source should
implement it :)
{quote}
To quote from the [OpenSSH ssh_config(5) man
page|http://linux.die.net/man/5/ssh_config] in the *Files* section:
{quote}
Because of the potential for abuse, this file must have strict permissions:
read/write for the user, and not accessible by others.
{quote}
On the other hand, other _man_ pages for the *same* entry say what you claim:
{quote}
It may be group-writable provided that the group in question contains only the
user.
{quote}
Because of this ambiguity I am willing to accept the change. However, the code
you published in the pull request only checks the owner and not the group
(which I can live with...)
> permisison of ~/.ssh/config with group/world readable is legal
> --------------------------------------------------------------
>
> Key: SSHD-584
> URL: https://issues.apache.org/jira/browse/SSHD-584
> Project: MINA SSHD
> Issue Type: Bug
> Affects Versions: 1.1.0
> Environment: build
> Reporter: Alon Bar-Lev
>
> Got this exception:
> ---
> testAttributes(org.apache.sshd.client.subsystem.sftp.SftpFileSystemTest)
> Time elapsed: 5.581 sec <<< ERROR!
> java.io.IOException: String permission violation (GROUP_READ) for
> /home/alonbl/.ssh/config
> at
> org.apache.sshd.client.config.hosts.DefaultConfigFileHostEntryResolver.reloadHostConfigEntries(DefaultConfigFileHostEntryResolver.java:80)
> at
> org.apache.sshd.client.config.hosts.ConfigFileHostEntryResolver.resolveEffectiveResolver(ConfigFileHostEntryResolver.java:86)
> at
> org.apache.sshd.client.config.hosts.ConfigFileHostEntryResolver.resolveEffectiveHost(ConfigFileHostEntryResolver.java:59)
> at org.apache.sshd.client.SshClient.connect(SshClient.java:339)
> at
> org.apache.sshd.client.subsystem.sftp.SftpFileSystemProvider.newFileSystem(SftpFileSystemProvider.java:177)
> at
> org.apache.sshd.client.subsystem.sftp.SftpFileSystemProvider.newFileSystem(SftpFileSystemProvider.java:87)
> at java.nio.file.FileSystems.newFileSystem(FileSystems.java:322)
> at java.nio.file.FileSystems.newFileSystem(FileSystems.java:272)
> at
> org.apache.sshd.client.subsystem.sftp.SftpFileSystemTest.testAttributes(SftpFileSystemTest.java:136)
> ---
> While ssh code enforces only world/group writeable at
> readconf.c::read_config_file:
> ---
> if (flags & SSHCONF_CHECKPERM) {
> struct stat sb;
> if (fstat(fileno(f), &sb) == -1)
> fatal("fstat %s: %s", filename, strerror(errno));
> if (((sb.st_uid != 0 && sb.st_uid != getuid()) ||
> (sb.st_mode & 022) != 0))
> fatal("Bad owner or permissions on %s", filename);
> }
> ---
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
