Incorrect text found in openssh-client/auth-file.c:542
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
portable OpenSSH |
Fix Released
|
Low
|
|||
openssh (Ubuntu) |
Fix Released
|
Low
|
Unassigned |
Bug Description
Binary package hint: metacity
install the openssh-client source code, look at auth-file.c and see this stanza :
int
key_perm_ok(int fd, const char *filename)
{
struct stat st;
if (fstat(fd, &st) < 0)
return 0;
/*
* if a key owned by the user is accessed, then we check the
* permissions of the file. if the key owned by a different user,
* then we don't care.
*/
#ifdef HAVE_CYGWIN
if (check_
#endif
if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) {
error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @");
error("It is recommended that your private key files are NOT accessible by others.");
return 0;
}
return 1;
}
The text "It is recommended that your private key files are NOT accessible by others." should read "It is not permitted....".
There is no work around to use a non-protected private key, therefore it is incorrect to say recommend.
Changed in openssh (Ubuntu): | |
importance: | Undecided → Low |
status: | New → Confirmed |
tags: | added: patch |
Changed in openssh: | |
importance: | Unknown → Low |
status: | Unknown → Fix Released |
Sorry, wrong package...