Antonio Larrosa
45f6d17800
package existed for a brief period of time during SLE 15 SP6/
Leap 15.6 development but even if it was removed from the
repositories before GM, some users might have it in their
systems from having tried a beta/RC release (boo#1227350).
quoting was present in the user-supplied ssh_config(5) directive
(bsc#1218215, CVE-2023-51385).
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=270
40 lines
1.3 KiB
Diff
40 lines
1.3 KiB
Diff
commit 07ffb49749c310b82e44278ae05e081d6f4a82bf
|
|
Author: Hans Petter Jansson <hpj@cl.no>
|
|
Date: Fri Sep 27 01:57:16 2019 +0200
|
|
|
|
ssh-keygen: Preserve known_hosts permissions on rewrite
|
|
|
|
Transfer the permissions of the old known_hosts file instead of
|
|
just going with what mkstemp() gives us. This is useful in corner
|
|
cases where known_hosts is shared between users.
|
|
|
|
Index: openssh-8.8p1/ssh-keygen.c
|
|
===================================================================
|
|
--- openssh-8.8p1.orig/ssh-keygen.c
|
|
+++ openssh-8.8p1/ssh-keygen.c
|
|
@@ -1384,6 +1384,11 @@ do_known_hosts(struct passwd *pw, const
|
|
if (inplace)
|
|
unlink(tmp);
|
|
} else if (inplace) {
|
|
+ struct stat st;
|
|
+
|
|
+ /* Get metadata for existing file */
|
|
+ r = stat(identity_file, &st);
|
|
+
|
|
/* Backup existing file */
|
|
if (unlink(old) == -1 && errno != ENOENT)
|
|
fatal("unlink %.100s: %s", old, strerror(errno));
|
|
@@ -1398,6 +1403,12 @@ do_known_hosts(struct passwd *pw, const
|
|
unlink(old);
|
|
exit(1);
|
|
}
|
|
+ /* Preserve permissions; non-critical */
|
|
+ if (r != -1)
|
|
+ r = chown(identity_file, st.st_uid, st.st_gid);
|
|
+ if (r != -1)
|
|
+ chmod(identity_file,
|
|
+ st.st_mode & (S_IRWXU | S_IRWXG | S_IRWXO));
|
|
|
|
printf("%s updated.\n", identity_file);
|
|
printf("Original contents retained as %s\n", old);
|