openssh: Update to 5.9p1.

[people/amarx/ipfire-3.x.git] / openssh / patches / openssh-5.8p1-keyperm.patch

diff --git a/openssh/patches/openssh-5.8p1-keyperm.patch b/openssh/patches/openssh-5.8p1-keyperm.patch
new file mode 100644 (file)
index 0000000..6167c14
--- /dev/null
+++ b/openssh/patches/openssh-5.8p1-keyperm.patch
@@ -0,0 +1,25 @@
+diff -up openssh-5.8p1/authfile.c.keyperm openssh-5.8p1/authfile.c
+--- openssh-5.8p1/authfile.c.keyperm   2010-12-01 02:03:39.000000000 +0100
++++ openssh-5.8p1/authfile.c   2011-04-21 16:43:36.859648916 +0200
+@@ -57,6 +57,7 @@
+ #include <stdlib.h>
+ #include <string.h>
+ #include <unistd.h>
++#include <grp.h>
+ 
+ #include "xmalloc.h"
+ #include "cipher.h"
+@@ -600,6 +612,13 @@ key_perm_ok(int fd, const char *filename
+ #ifdef HAVE_CYGWIN
+       if (check_ntsec(filename))
+ #endif
++      if (st.st_mode & 040) {
++              struct group *gr;
++
++              if ((gr = getgrnam("ssh_keys")) && (st.st_gid == gr->gr_gid))
++                      st.st_mode &= ~040;
++      }
++
+       if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) {
+               error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
+               error("@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @");