make sure ~/.ssh/authorized_keys is not writable for group/world (sshd)

don't load private keys if they are group/world-{rwx} (ssh,sshd and ssh-add)

4 files changed, 64 insertions, 10 deletions

diff --git a/usr.bin/ssh/auth-rsa.c b/usr.bin/ssh/auth-rsa.c
index c30d213393d..b3f2a0ac688 100644
--- a/usr.bin/ssh/auth-rsa.c
+++ b/usr.bin/ssh/auth-rsa.c
@@ -16,7 +16,7 @@ validity of the host key.
 */
 
 #include "includes.h"
-RCSID("$Id: auth-rsa.c,v 1.3 1999/09/30 17:08:51 deraadt Exp $");
+RCSID("$Id: auth-rsa.c,v 1.4 1999/10/11 20:00:35 markus Exp $");
 
 #include "rsa.h"
 #include "packet.h"
@@ -127,7 +127,7 @@ auth_rsa_challenge_dialog(unsigned int bits, BIGNUM *e, BIGNUM *n)
    successful.  This may exit if there is a serious protocol violation. */
 
 int
-auth_rsa(struct passwd *pw, BIGNUM *client_n)
+auth_rsa(struct passwd *pw, BIGNUM *client_n, int strict_modes)
 {
   char line[8192];
   int authenticated;
@@ -137,18 +137,22 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
   struct stat st;
   BIGNUM *e, *n;
 
-  /* Open the file containing the authorized keys. */
+  /* Temporarily use the user's uid. */
+  temporarily_use_uid(pw->pw_uid);
+
+  /* The authorized keys. */
   snprintf(line, sizeof line, "%.500s/%.100s", pw->pw_dir,
     SSH_USER_PERMITTED_KEYS);
   
-  /* Temporarily use the user's uid. */
-  temporarily_use_uid(pw->pw_uid);
+  /* Fail quietly if file does not exist */
   if (stat(line, &st) < 0)
     {
       /* Restore the privileged uid. */
       restore_uid();
       return 0;
     }
+
+  /* Open the file containing the authorized keys. */
   f = fopen(line, "r");
   if (!f)
     {
@@ -159,6 +163,42 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
       return 0;
     }
 
+  if (strict_modes) {
+    int fail=0;
+    char buf[1024];
+    /* Check open file in order to avoid open/stat races */
+    if (fstat(fileno(f), &st) < 0 ||
+        (st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
+        (st.st_mode & 022) != 0) {
+      snprintf(buf, sizeof buf, "RSA authentication refused for %.100s: "
+               "bad ownership or modes for '%s'.", pw->pw_name, line);
+      fail=1;
+    }else{
+      /* Check path to SSH_USER_PERMITTED_KEYS */
+      int i;
+      static const char *check[] = {
+            "", SSH_USER_DIR, NULL
+      };
+      for (i=0; check[i]; i++) {
+        snprintf(line, sizeof line, "%.500s/%.100s", pw->pw_dir, check[i]);
+        if (stat(line, &st) < 0 ||
+            (st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
+            (st.st_mode & 022) != 0) {
+          snprintf(buf, sizeof buf, "RSA authentication refused for %.100s: "
+                   "bad ownership or modes for '%s'.", pw->pw_name, line);
+          fail=1;
+          break;
+        }
+      }
+    }
+    if (fail) {
+      log(buf);
+      packet_send_debug(buf);
+      restore_uid();
+      return 0;
+    }
+  } 
+
   /* Flag indicating whether authentication has succeeded. */
   authenticated = 0;
   
diff --git a/usr.bin/ssh/authfile.c b/usr.bin/ssh/authfile.c
index a3dfbf126a3..5025831090a 100644
--- a/usr.bin/ssh/authfile.c
+++ b/usr.bin/ssh/authfile.c
@@ -15,7 +15,7 @@ for reading the passphrase from the user.
 */
 
 #include "includes.h"
-RCSID("$Id: authfile.c,v 1.6 1999/09/30 18:28:35 provos Exp $");
+RCSID("$Id: authfile.c,v 1.7 1999/10/11 20:00:35 markus Exp $");
 
 #include <ssl/bn.h>
 #include "xmalloc.h"
@@ -211,12 +211,26 @@ load_private_key(const char *filename, const char *passphrase,
   CipherContext cipher;
   BN_CTX *ctx;
   BIGNUM *aux;
+  struct stat st;
 
   /* Read the file into the buffer. */
   f = open(filename, O_RDONLY);
   if (f < 0)
     return 0;
 
+  /* We assume we are called under uid of the owner of the file */
+  if (fstat(f, &st) < 0 ||
+      (st.st_uid != 0 && st.st_uid != getuid()) ||
+      (st.st_mode & 077) != 0) {
+    error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
+    error("@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @");
+    error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
+    error("Bad ownership or mode(0%3.3o) for '%s'.",
+	   st.st_mode & 0777, filename);
+    error("It is recommended that your private key files are NOT accessible by others.");
+    return 0;
+  }
+
   len = lseek(f, (off_t)0, SEEK_END);
   lseek(f, (off_t)0, SEEK_SET);
   
diff --git a/usr.bin/ssh/ssh.h b/usr.bin/ssh/ssh.h
index 756a795b8bc..e638acfef6b 100644
--- a/usr.bin/ssh/ssh.h
+++ b/usr.bin/ssh/ssh.h
@@ -13,7 +13,7 @@ Generic header file for ssh.
 
 */
 
-/* RCSID("$Id: ssh.h,v 1.9 1999/10/07 21:45:02 markus Exp $"); */
+/* RCSID("$Id: ssh.h,v 1.10 1999/10/11 20:00:36 markus Exp $"); */
 
 #ifndef SSH_H
 #define SSH_H
@@ -265,7 +265,7 @@ int auth_password(struct passwd *pw, const char *password);
 /* Performs the RSA authentication dialog with the client.  This returns
    0 if the client could not be authenticated, and 1 if authentication was
    successful.  This may exit if there is a serious protocol violation. */
-int auth_rsa(struct passwd *pw, BIGNUM *client_n);
+int auth_rsa(struct passwd *pw, BIGNUM *client_n, int strict_modes);
 
 /* Parses an RSA key (number of bits, e, n) from a string.  Moves the pointer
    over the key.  Skips any whitespace at the beginning and at end. */
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index 6e57bc52fdd..170fffcc4bb 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -18,7 +18,7 @@ agent connections.
 */
 
 #include "includes.h"
-RCSID("$Id: sshd.c,v 1.25 1999/10/07 22:46:33 markus Exp $");
+RCSID("$Id: sshd.c,v 1.26 1999/10/11 20:00:36 markus Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -1233,7 +1233,7 @@ do_authentication(char *user, int privileged_port)
 
 	    packet_integrity_check(plen, nlen, type);
 	    
-	    if (auth_rsa(pw, n))
+	    if (auth_rsa(pw, n, options.strict_modes))
 	      { 
 		/* Successful authentication. */
 		BN_clear_free(n);