[Bug 3277] New: Global ssh_config file permissions are not checked.

bugzilla-daemon Wed, 10 Mar 2021 17:36:32 -0800

https://bugzilla.mindrot.org/show_bug.cgi?id=3277


            Bug ID: 3277
           Summary: Global ssh_config file permissions are not checked.
           Product: Portable OpenSSH
           Version: 8.5p1
          Hardware: Other
                OS: Windows 10
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ssh
          Assignee: [email protected]
          Reporter: [email protected]

This is a rare situation but it can happen by mistake. 

Global ssh_config is not checked for the right file permissions.

If a root user accidentally gives write permissions to non-root users
then it leads to undesirable behavior. 

It's a single line change to add "SSHCONF_CHECKPERM" flag while calling
read_config_file().

https://github.com/openssh/openssh-portable/blob/2421a567a8862fe5102a4e7d60003ebffd1313dd/ssh.c#L585

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 3277] New: Global ssh_config file permissions are not checked.

Reply via email to