- djm@cvs.openbsd.org 2004/04/18 23:10:26

[readconf.c readconf.h ssh-keysign.c ssh.c] perform strict ownership and modes checks for ~/.ssh/config files, as these can be used to execute arbitrary programs; ok markus@ NB. ssh will now exit when it detects a config with poor permissions
author: Damien Miller <djm@mindrot.org> 2004-04-20 20:11:57 +1000
committer: Damien Miller <djm@mindrot.org> 2004-04-20 20:11:57 +1000
commit: 57a4476a69e1d64d051b766b0ac9c9c3ef496864 (patch)
tree: f49bfcdc2e5d23d88d5dd45462a1ad966dc16b9c /ssh-keysign.c
parent: 1824c071abc61b6a70cd0a077b957bd6e0c80cde (diff)
download: openssh-git-57a4476a69e1d64d051b766b0ac9c9c3ef496864.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/ssh-keysign.c b/ssh-keysign.c
index 9e9ebe2f..e642948a 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -22,7 +22,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keysign.c,v 1.15 2004/01/19 21:25:15 markus Exp $");
+RCSID("$OpenBSD: ssh-keysign.c,v 1.16 2004/04/18 23:10:26 djm Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/rand.h>
@@ -168,7 +168,7 @@ main(int argc, char **argv)
 	/* verify that ssh-keysign is enabled by the admin */
 	original_real_uid = getuid();	/* XXX readconf.c needs this */
 	initialize_options(&options);
-	(void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options);
+	(void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options, 0);
 	fill_default_options(&options);
 	if (options.enable_ssh_keysign != 1)
 		fatal("ssh-keysign not enabled in %s",
author	Damien Miller <djm@mindrot.org>	2004-04-20 20:11:57 +1000
committer	Damien Miller <djm@mindrot.org>	2004-04-20 20:11:57 +1000
commit	57a4476a69e1d64d051b766b0ac9c9c3ef496864 (patch)
tree	f49bfcdc2e5d23d88d5dd45462a1ad966dc16b9c /ssh-keysign.c
parent	1824c071abc61b6a70cd0a077b957bd6e0c80cde (diff)
download	openssh-git-57a4476a69e1d64d051b766b0ac9c9c3ef496864.tar.gz