/etc/skeykeys was basically suffering from the same vulnerability

as any non-shadowed /etc/passwd.  Ironically, all programs using S/Key
have already been setuid root except keyinfo(1).

This modification creates /etc/skeykeys with mode 0600 to prevent it
from being examined by ordinary users.
Joerg Wunsch 1996-04-26 21:33:18 +00:00
parent 68ba25409f
commit 711e38f8ed


@ -103,11 +103,13 @@ char *name;
long recstart;
char *cp, *p;
struct stat statbuf;
mode_t oldmask;
/* See if the _PATH_SKEYFILE exists, and create it if not */
if(stat(_PATH_SKEYFILE,&statbuf) == -1 && errno == ENOENT){
oldmask = umask(S_IRWXG|S_IRWXO);
mp->keyfile = fopen(_PATH_SKEYFILE,"w+");
(void) chmod(_PATH_SKEYFILE, 0644);
(void)umask(oldmask);
} else {
/* Otherwise open normally for update */
mp->keyfile = fopen(_PATH_SKEYFILE,"r+");
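Review bot: The restrictive umask only protects a key file that this code creates. An installation that already has _PATH_SKEYFILE at the old 0644 mode takes the `else` branch, where `fopen(_PATH_SKEYFILE,"r+")` leaves the existing permissions untouched, so the file stays readable by ordinary users until someone fixes the mode by hand. Tightening the mode after a successful open would cover both branches, e.g. `if (mp->keyfile != NULL) (void) fchmod(fileno(mp->keyfile), S_IRUSR|S_IWUSR);`. The +/- markers are lost in this rendering; `(void) chmod(_PATH_SKEYFILE, 0644);` is presumably the removed line, since on the new side it would undo the restrictive umask. The enclosing function starts and continues outside the hunk, so whether the fopen() result is checked cannot be seen here.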