upstream: Check for and warn about StrictModes permission problems. ok tb@

OpenBSD-Regress-ID: 4841704ccdee50ee7efc6035bc686695c6ac2991
dtucker@openbsd.org 2020-01-23 03:42:41 +00:00 committed by Darren Tucker
parent 84de1c27f8
commit 7e1323102b
1 changed files with 24 additions and 1 deletions


@ -1,4 +1,4 @@
# $OpenBSD: test-exec.sh,v 1.70 2020/01/21 08:06:27 djm Exp $
# $OpenBSD: test-exec.sh,v 1.71 2020/01/23 03:42:41 dtucker Exp $
# Placed in the Public Domain.
#SUDO=sudo
@ -444,6 +444,29 @@ EOF
# be abused to locally escalate privileges.
if [ ! -z "$TEST_SSH_UNSAFE_PERMISSIONS" ]; then
echo "StrictModes no" >> $OBJ/sshd_config
else
# check and warn if excessive permissions are likely to cause failures.
unsafe=""
dir="${OBJ}"
while test ${dir} != "/"; do
perms=`ls -ld ${dir}`
case "${perms}" in
?????w????*|????????w?*) unsafe="${unsafe} ${dir}" ;;
esac
dir=`dirname ${dir}`
done
if ! test -z "${unsafe}"; then
cat <<EOD
WARNING: Unsafe (group or world writable) directory permissions found:
${unsafe}
These could be abused to locally escalate privileges. If you are
sure that this is not a risk (eg there are no other users), you can
bypass this check by setting TEST_SSH_UNSAFE_PERMISSIONS=1
EOD
fi
fi
if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then
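Review bot: The loop at `while test ${dir} != "/"; do` only terminates when `${OBJ}` is an absolute path. For a relative value `dirname` converges on `.` and never reaches `/`, so the regress run would hang instead of warning; `while test "${dir}" != "/" && test "${dir}" != "."; do` closes that case. The expansions of `${dir}` in the `test`, `ls -ld` and `dirname` calls are unquoted, so a build directory containing whitespace is split into several words and the permission check runs on the wrong paths. A symlinked path component lists as `lrwxrwxrwx` and matches the `?????w????*` pattern, which would produce a false warning; guarding the `ls` with `if test -d "${dir}" && ! test -h "${dir}"; then` avoids that. The `if` on the hunk's last context line continues outside the hunk.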