author | Darren Tucker <dtucker@cvs.openbsd.org> | 2020-01-23 03:42:42 +0000 |
---|---|---|
committer | Darren Tucker <dtucker@cvs.openbsd.org> | 2020-01-23 03:42:42 +0000 |
commit | 18729960eacb96eda8566ce6bcf89522d077b9b6 (patch) | |
tree | 5af5bf37f35ed2d446117d38d527c843e398d66d /regress/usr.bin | |
parent | 42188d4ac57badf39c3fc31e841d2d888b150816 (diff) |
Check for and warn about StrictModes permission problems. ok tb@
Diffstat (limited to 'regress/usr.bin')
-rw-r--r-- | regress/usr.bin/ssh/test-exec.sh | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/regress/usr.bin/ssh/test-exec.sh b/regress/usr.bin/ssh/test-exec.sh
index 3bd469d4661..f01d9eeb5b6 100644
--- a/regress/usr.bin/ssh/test-exec.sh
+++ b/regress/usr.bin/ssh/test-exec.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: test-exec.sh,v 1.70 2020/01/21 08:06:27 djm Exp $
+# $OpenBSD: test-exec.sh,v 1.71 2020/01/23 03:42:41 dtucker Exp $
 # Placed in the Public Domain.
 USER=`id -un`
@@ -281,6 +281,29 @@ EOF
 # be abused to locally escalate privileges.
 if [ ! -z "$TEST_SSH_UNSAFE_PERMISSIONS" ]; then
 echo "StrictModes no" >> $OBJ/sshd_config
+else
+ # check and warn if excessive permissions are likely to cause failures.
+ unsafe=""
+ dir="${OBJ}"
+ while test ${dir} != "/"; do
+ perms=`ls -ld ${dir}`
+ case "${perms}" in
+ ?????w????*|????????w?*) unsafe="${unsafe} ${dir}" ;;
+ esac
+ dir=`dirname ${dir}`
+ done
+ if ! test -z "${unsafe}"; then
+ cat <<EOD
+
+WARNING: Unsafe (group or world writable) directory permissions found:
+${unsafe}
+
+These could be abused to locally escalate privileges. If you are
+sure that this is not a risk (eg there are no other users), you can
+bypass this check by setting TEST_SSH_UNSAFE_PERMISSIONS=1
+
+EOD
+ fi
 fi
 if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then |
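Review bot: The directory walk in the new `else` branch only stops when `dirname` reaches `/`, and `${dir}` is unquoted in `test`, `ls -ld` and `dirname`, so a relative `$OBJ` (which converges on `.`) would loop forever and a path containing whitespace would break the `test`. I would write the loop condition as `while test "${dir}" != "/" && test "${dir}" != "."; do` and quote `"${dir}"` in the two command substitutions as well. The `case` patterns look only at the group and world write bits of the `ls -ld` mode string, while sshd_config(5) describes StrictModes as checking ownership as well as modes, so a wrongly owned directory would presumably still cause failures without triggering this warning. A short comment such as `# mode bits only; ownership is not checked here` would make that limit clear to whoever reads the warning logic later.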