search for: key_perm_ok

https://bugzilla.mindrot.org/show_bug.cgi?id=1878 Summary: error message in key_perm_ok should be firmer Product: Portable OpenSSH Version: 5.8p1 Platform: All URL: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug /663455 OS/Version: All Status: NEW Severity: minor Priority...

https://bugzilla.mindrot.org/show_bug.cgi?id=1878 Jakub Jelen <jjelen at redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CLOSED |REOPENED CC| |jjelen at redhat.com Resolution|FIXED

https://bugzilla.mindrot.org/show_bug.cgi?id=1878 --- Comment #4 from Jakub Jelen <jjelen at redhat.com> --- Created attachment 2576 --> https://bugzilla.mindrot.org/attachment.cgi?id=2576&action=edit upstream patch -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1878 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution|--- |FIXED --- Comment #5 from Damien Miller <djm at

https://bugzilla.mindrot.org/show_bug.cgi?id=1878 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #6 from Damien Miller <djm at mindrot.org> --- Set all RESOLVED bugs to CLOSED with release

...ese, so that standard behavior of ssh is not changed, but when option GroupPrivateKey is used with ssh, it is allowed to have group readable private key? Thank you very much. --- authfile.c.orig Thu Nov 27 15:01:01 2003 +++ authfile.c Thu Nov 27 16:50:39 2003 @@ -496,7 +496,7 @@ } static int -key_perm_ok(int fd, const char *filename) +key_perm_ok(int fd, const char *filename, int group_private_key) { struct stat st; @@ -510,7 +510,10 @@ #ifdef HAVE_CYGWIN if (check_ntsec(filename)) #endif - if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) { + if ((!group_private_key +...

...time on this host, as long and int are the same width, but it is a problem on other hosts where pid_t is wider than int. E.g., I've heard that 64-bit AIX has 64-bit pid_t in some compilation environments. Here is a patch. 2001-09-28 Paul Eggert <eggert at twinsun.com> * authfile.c (key_perm_ok): Work even if system integer types are 'long', not 'int'. * entropy.c (prng_check_seedfile, prng_write_seedfile, prng_read_seedfile): Likewise. * serverloop.c (server_loop, server_loop2): Likewise. * session.c (session_dump, session_by_pid, session_exit_mess...

https://bugzilla.mindrot.org/show_bug.cgi?id=1845 Bug 1845 depends on bug 1878, which changed state. Bug 1878 Summary: error message in key_perm_ok should be firmer https://bugzilla.mindrot.org/show_bug.cgi?id=1878 What |Removed |Added ---------------------------------------------------------------------------- Status|CLOSED |REOPENED Resolution|FIXED...

https://bugzilla.mindrot.org/show_bug.cgi?id=1845 Bug 1845 depends on bug 1878, which changed state. Bug 1878 Summary: error message in key_perm_ok should be firmer https://bugzilla.mindrot.org/show_bug.cgi?id=1878 What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution|---...

...------- Additional Comments From dtucker at zip.com.au 2004-03-30 14:54 ------- (From update of attachment 337) I re-tested -current (post-3.8p1) on Solaris 2.5.1 w/gcc 3.3.1. >authfd.c:95: warning: implicit declaration of function `strlcpy' These are gone. >authfile.c: In function `key_perm_ok': >authfile.c:517: warning: unsigned int format, long unsigned int arg (arg 2) Gone too. >canohost.c:96: warning: subscript has type `char' Most of these are still there. >channels.c:1199: warning: passing arg 4 of `getsockopt' from incompatible pointer type >channels.c:20...

...low ssh to read alternate key files. This would allow the ssh client to use keyfiles different from the ones sshd uses. I know that this can be done now by changing the ones sshd uses, but I'd rather make ssh the special case. - Allow said key files to be group readable Changing authfile.c:key_perm_ok() to allow group readable keys would allow us to make ssh setgid instead of setuid. Yes, this is insecure if someone is stupid enough to export their key files via NFS or some other such sillyness, but is safe for sane admins. If we do both of the above, ssh can be setgid ssh, and optionally us...

...evision 1.78 diff -u -N -p authfile.c --- authfile.c 11 Jan 2010 04:46:45 -0000 1.78 +++ authfile.c 11 Jan 2010 22:35:04 -0000 @@ -552,8 +552,8 @@ key_load_private_type(int type, const char *filename, strerror(errno)); if (perm_ok != NULL) *perm_ok = 0; - } return NULL; + } if (!key_perm_ok(fd, filename)) { if (perm_ok != NULL) *perm_ok = 0;

My keys are secured with a passphrase. That's good for security, but having to type the passphrase either at every login or at every invocation of ssh(1) is annoying. I know I could invoke ssh-add(1) just before invoking ssh(1), if I keep track of whether I invoked it already, or write some hacky scripts; but the rest of OpenSSH is wonderfully usable without any hacks. Hence, this patch.