4 files changed, 28 insertions, 12 deletions

diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c
index 5e6aa2f90bc..a981223b990 100644
--- a/usr.bin/ssh/readconf.c
+++ b/usr.bin/ssh/readconf.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.128 2004/03/05 10:53:58 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.129 2004/04/18 23:10:26 djm Exp $");
 
 #include "ssh.h"
 #include "xmalloc.h"
@@ -777,7 +777,8 @@ parse_int:
  */
 
 int
-read_config_file(const char *filename, const char *host, Options *options)
+read_config_file(const char *filename, const char *host, Options *options, 
+    int checkperm)
 {
 	FILE *f;
 	char line[1024];
@@ -785,10 +786,24 @@ read_config_file(const char *filename, const char *host, Options *options)
 	int bad_options = 0;
 
 	/* Open the file. */
-	f = fopen(filename, "r");
-	if (!f)
+	if ((f = fopen(filename, "r")) == NULL)
 		return 0;
 
+	if (checkperm) {
+		struct stat sb;
+		
+		if (fstat(fileno(f), &sb) == -1) {
+			fatal("fstat %s: %s", filename, strerror(errno));
+			fclose(f);
+			return (0);
+		}
+		if (((sb.st_uid != 0 && sb.st_uid != getuid()) ||
+		    (sb.st_mode & 022) != 0)) {
+			fatal("Bad owner or permissions on %s", filename);
+			return 0;
+		}
+	}
+
 	debug("Reading configuration data %.200s", filename);
 
 	/*
diff --git a/usr.bin/ssh/readconf.h b/usr.bin/ssh/readconf.h
index 93d833cee3d..9d70fee6738 100644
--- a/usr.bin/ssh/readconf.h
+++ b/usr.bin/ssh/readconf.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: readconf.h,v 1.60 2004/03/05 10:53:58 markus Exp $	*/
+/*	$OpenBSD: readconf.h,v 1.61 2004/04/18 23:10:26 djm Exp $	*/
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -108,7 +108,7 @@ typedef struct {
 
 void     initialize_options(Options *);
 void     fill_default_options(Options *);
-int	 read_config_file(const char *, const char *, Options *);
+int	 read_config_file(const char *, const char *, Options *, int);
 
 int
 process_config_line(Options *, const char *, char *, const char *, int, int *);
diff --git a/usr.bin/ssh/ssh-keysign.c b/usr.bin/ssh/ssh-keysign.c
index 04650dcb2d0..00bd046fdf6 100644
--- a/usr.bin/ssh/ssh-keysign.c
+++ b/usr.bin/ssh/ssh-keysign.c
@@ -22,7 +22,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keysign.c,v 1.15 2004/01/19 21:25:15 markus Exp $");
+RCSID("$OpenBSD: ssh-keysign.c,v 1.16 2004/04/18 23:10:26 djm Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/rand.h>
@@ -158,7 +158,7 @@ main(int argc, char **argv)
 	/* verify that ssh-keysign is enabled by the admin */
 	original_real_uid = getuid();	/* XXX readconf.c needs this */
 	initialize_options(&options);
-	(void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options);
+	(void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options, 0);
 	fill_default_options(&options);
 	if (options.enable_ssh_keysign != 1)
 		fatal("ssh-keysign not enabled in %s",
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c
index 48092e10b11..4f0c4e1cbb3 100644
--- a/usr.bin/ssh/ssh.c
+++ b/usr.bin/ssh/ssh.c
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.209 2004/03/11 10:21:17 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.210 2004/04/18 23:10:26 djm Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -517,16 +517,17 @@ again:
 	 * file if the user specifies a config file on the command line.
 	 */
 	if (config != NULL) {
-		if (!read_config_file(config, host, &options))
+		if (!read_config_file(config, host, &options, 0), 0)
 			fatal("Can't open user config file %.100s: "
 			    "%.100s", config, strerror(errno));
 	} else  {
 		snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir,
 		    _PATH_SSH_USER_CONFFILE);
-		(void)read_config_file(buf, host, &options);
+		(void)read_config_file(buf, host, &options, 1);
 
 		/* Read systemwide configuration file after use config. */
-		(void)read_config_file(_PATH_HOST_CONFIG_FILE, host, &options);
+		(void)read_config_file(_PATH_HOST_CONFIG_FILE, host, 
+		    &options, 0);
 	}
 
 	/* Fill configuration defaults. */