diff options
| author | Damien Miller <djm@mindrot.org> | 2004-04-20 12:11:57 +0200 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2004-04-20 12:11:57 +0200 |
| commit | 57a4476a69e1d64d051b766b0ac9c9c3ef496864 (patch) | |
| tree | f49bfcdc2e5d23d88d5dd45462a1ad966dc16b9c /ssh-keysign.c | |
| parent | - (djm) [openbsd-compat/sys-queue.h] Sync with OpenBSD, needed for above change (diff) | |
| download | openssh-57a4476a69e1d64d051b766b0ac9c9c3ef496864.tar.xz openssh-57a4476a69e1d64d051b766b0ac9c9c3ef496864.zip | |
- djm@cvs.openbsd.org 2004/04/18 23:10:26
[readconf.c readconf.h ssh-keysign.c ssh.c]
perform strict ownership and modes checks for ~/.ssh/config files,
as these can be used to execute arbitrary programs; ok markus@
NB. ssh will now exit when it detects a config with poor permissions
Diffstat (limited to 'ssh-keysign.c')
| -rw-r--r-- | ssh-keysign.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ssh-keysign.c b/ssh-keysign.c index 9e9ebe2f1..e642948a0 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: ssh-keysign.c,v 1.15 2004/01/19 21:25:15 markus Exp $"); +RCSID("$OpenBSD: ssh-keysign.c,v 1.16 2004/04/18 23:10:26 djm Exp $"); #include <openssl/evp.h> #include <openssl/rand.h> @@ -168,7 +168,7 @@ main(int argc, char **argv) /* verify that ssh-keysign is enabled by the admin */ original_real_uid = getuid(); /* XXX readconf.c needs this */ initialize_options(&options); - (void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options); + (void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options, 0); fill_default_options(&options); if (options.enable_ssh_keysign != 1) fatal("ssh-keysign not enabled in %s", |