Bug#314649: Bug#314347: openssh-client: "Bad owner or permissions on $HOME/.ssh/config" check too aggressive

To: Branden Robinson <branden@debian.org>, 314347@bugs.debian.org, Frederic Briere <fbriere@fbriere.net>, 314649@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Bug#314649: Bug#314347: openssh-client: "Bad owner or permissions on $HOME/.ssh/config" check too aggressive
From: Colin Watson <cjwatson@debian.org>
Date: Sun, 3 Jul 2005 16:52:04 +0100
Message-id: <[🔎] 20050703155204.GO16725@riva.ucam.org>
Reply-to: Colin Watson <cjwatson@debian.org>, 314649@bugs.debian.org
In-reply-to: <20050615205938.278B268C019@sisyphus.deadbeast.net>
References: <20050615205938.278B268C019@sisyphus.deadbeast.net>

tags 314347 pending
thanks

On Wed, Jun 15, 2005 at 03:59:38PM -0500, Branden Robinson wrote:
> 1148 {0} branden@sisyphus:~/packages/xorg-x11/svn/trunk/debian$ svn up
> Bad owner or permissions on /home/branden/.ssh/config
> svn: Connection closed unexpectedly
> 1149 {1} branden@sisyphus:~/packages/xorg-x11/svn/trunk/debian$ l -l $HOME/.ssh/config
> -rw-rw-r--  1 branden branden 125 Jun 26  2004 /home/branden/.ssh/config
> 1150 {0} branden@sisyphus:~/packages/xorg-x11/svn/trunk/debian$ chmod 644 /home/branden/.ssh/config
> 1151 {0} branden@sisyphus:~/packages/xorg-x11/svn/trunk/debian$ svn up
> At revision 220.
> 
> I think that check is excessively paranoid.

Evidently I made all my ~/.ssh/config files mode 0644 ages ago for some
other reason, since I never noticed this change in behaviour ...

> I can think of a few possibilities for resolving this bug:
[...]
> 2) Simply tolerate group-writable files if the group name in question is
>    identical to the user name.
> 
> 3) Alternatively or additionally to 2), ensure that the user is the only
>    member of the group owning the group-writable file.

The combination of these two suggestions seems to be the best fix. I've
implemented this in CVS and sent a patch upstream.

> 5) As part of the many migrations done to the new openssh world order, walk
>    /home and chmod g-w on all .ssh/config files.  Some people might
>    consider this intrusive, though, and it doesn't prevent the creation of
>    new accounts with this problem.

That would run into problems with NFS, too.

On Fri, Jun 17, 2005 at 12:59:45PM -0400, Frederic Briere wrote:
> I assume this is an attempt to make sure ~/.ssh/config is 0600 or
> something.

Actually, it's really to check that it's not *writable* by other
parties. The relevant ChangeLog entry says:

   - djm@cvs.openbsd.org 2004/04/18 23:10:26
     [readconf.c readconf.h ssh-keysign.c ssh.c]
     perform strict ownership and modes checks for ~/.ssh/config files,
     as these can be used to execute arbitrary programs; ok markus@
     NB. ssh will now exit when it detects a config with poor permissions

>   * There's no mention of this behavior in the documentation

ssh(1) says:

     $HOME/.ssh/config
             This is the per-user configuration file.  The file format
             and configuration options are described in ssh_config(5).
             Because of the potential for abuse, this file must have
             strict permissions: read/write for the user, and not
             accessible by others.

ssh_config(5) has similar text.

Cheers,

-- 
Colin Watson                                       [cjwatson@debian.org]

Reply to:

Follow-Ups:
- Processed: Re: Bug#314347: openssh-client: "Bad owner or permissions on $HOME/.ssh/config" check too aggressive
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Processed: Re: Bug#314347: openssh-client: "Bad owner or permissions on $HOME/.ssh/config" check too aggressive
Next by Date: Bug#313044: /usr/bin/scp: scp: Atomic transfers?
Previous by thread: Processed: bug 314347 is forwarded to http://bugzilla.mindrot.org/show_bug.cgi?id=1060
Next by thread: Processed: Re: Bug#314347: openssh-client: "Bad owner or permissions on $HOME/.ssh/config" check too aggressive
Index(es):
- Date
- Thread