Date: Fri, 8 Mar 2013 12:04:47 +1100 (AEDT)
From: John Marshall <john.marshall@riverwillow.com.au>
To: FreeBSD-gnats-submit@freebsd.org
Subject: bin/176740: [patch] sshd does not honour umask from ~/.login_conf
Message-ID: <201303080104.r2814lNC058049@rwpc15.mby.riverwillow.net.au>
Resent-Message-ID: <201303080130.r281U11P023959@freefall.freebsd.org>
>Number: 176740
>Category: bin
>Synopsis: [patch] sshd does not honour umask from ~/.login_conf
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Mar 08 01:30:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: John Marshall
>Release: FreeBSD 9.1-RELEASE i386
>Organization: Riverwillow Pty Ltd
>Environment:
System: FreeBSD rwpc15 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243728: Sat Dec 1 17:31:25 AEDT 2012 root@rwpc15:/usr/obj/build/src/sys/RWPC15 i386

>Description:
If sshd is configured with its default setting of 'UseLogin no', it will read environment and path values from the user's ~/.login_conf (e.g. lang and charset) but not any umask value. Instead, the umask value from /etc/login.conf is applied.

Setting the server's 'UseLogin' configuration option to 'yes' hands off that work to login and the user's umask value is retrieved as well, and is set as expected; but setting UseLogin disables X11Forwarding.

I discovered that crypto/openssh/session.c is restricting the subset of login_conf settings it will read in user mode so that only environment and path values will be used. Is there any reason why umask should not be included?

I think it is reasonable to expect that setting umask in ~/.login_conf means that that value will apply to all types of login. The user login_conf umask setting is applied when logging in via console (irrespective of selected shell) and via X but not via sshd.

>How-To-Repeat:
Add a umask setting to the me: class in ~/.login_conf. After logging in at the console or via X, note that the user umask value has been applied. Log in via ssh and note that the /etc/login.conf value is applied instead. After ssh login, execute login(1) at the shell prompt and note that the user umask value is now applied.
>Fix: The attached patch adds umask to the list of user settings which will be retrieved and applied by sshd. --- session.c.diff begins here --- Index: crypto/openssh/session.c =================================================================== --- crypto/openssh/session.c (revision 243728) +++ crypto/openssh/session.c (working copy) @@ -1185,7 +1185,7 @@ environ = xmalloc(sizeof(char *)); *environ = NULL; (void) setusercontext(lc, pw, pw->pw_uid, - LOGIN_SETENV|LOGIN_SETPATH); + LOGIN_SETENV|LOGIN_SETPATH|LOGIN_SETUMASK); copy_environment(environ, &env, &envsize); for (var = environ; *var != NULL; ++var) xfree(*var); --- session.c.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
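Review bot: The added LOGIN_SETUMASK flag in the setusercontext() call sits in a block that otherwise only harvests environment variables (environ is pointed at a scratch array, copied out with copy_environment(), then freed), and the call's result is still discarded by the (void) cast, so a failure to apply the user's umask would pass silently. The umask is a process-wide attribute rather than part of the environment, so consider setting it in its own checked call next to the session's other process attributes, or at minimum add a comment here saying the umask change is intentional. The hunk also does not show where the system login.conf umask is applied relative to this call; confirm that this call runs afterwards, otherwise the user's value will be overwritten and the patch will have no effect.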