[openssh] the private keys may be 640 root:ssh_keys ssh_keysign is sgid
Jan F. Chadima
jfch2222 at fedoraproject.org
Thu Apr 21 21:27:23 UTC 2011
commit a8dc50b17f5341c013d41a8b0b540046103cf679
Author: Jan F <jfch at cauvin.jagda.eu>
Date: Thu Apr 21 23:27:01 2011 +0200
the private keys may be 640 root:ssh_keys ssh_keysign is sgid
openssh-5.8p1-keyperm.patch | 2 +-
openssh.spec | 3 ++-
2 files changed, 3 insertions(+), 2 deletions(-)
---
diff --git a/openssh-5.8p1-keyperm.patch b/openssh-5.8p1-keyperm.patch
index 6167c14..af773f7 100644
--- a/openssh-5.8p1-keyperm.patch
+++ b/openssh-5.8p1-keyperm.patch
@@ -17,7 +17,7 @@ diff -up openssh-5.8p1/authfile.c.keyperm openssh-5.8p1/authfile.c
+ struct group *gr;
+
+ if ((gr = getgrnam("ssh_keys")) && (st.st_gid == gr->gr_gid))
-+ st.st_mode &= ~040;
++ st.st-mode &= ~040;
+ }
+
if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) {
diff --git a/openssh.spec b/openssh.spec
index 7d67582..906e166 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -147,8 +147,9 @@ Patch34: openssh-5.8p1-kuserok.patch
Patch35: openssh-5.8p1-glob.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1891
Patch36: openssh-5.8p1-pwchange.patch
-#?
+#https://bugzilla.mindrot.org/show_bug.cgi?id=1893
Patch37: openssh-5.8p1-keyperm.patch
+
#?
Patch50: openssh-5.8p1-fips.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1789
More information about the scm-commits
mailing list