[Bug 1089] StrictModes needs runtime granularity

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Mon Sep 26 16:27:58 EST 2005


http://bugzilla.mindrot.org/show_bug.cgi?id=1089





------- Additional Comments From dtucker at zip.com.au  2005-09-26 16:27 -------
(In reply to comment #2)
> "Even if StrictModes is enabled, though, it can be defeated... First, sshd can
> be compiled with the flag  -- enable-group-writeability"

There's certainly no such option in the current version:
$ grep group-writeability configure.ac
$

and there's no mention of it in the CVS history either.  It's possible that some
vendors add something along those lines, though.

> In short, though, regardless of the existence or lack thereof of such a flag,
> I would like to be able to make group-writable acceptable to StrictModes
> without having to turn StrictModes off and (so far) I have found no way to do
> this, hence my feature request.

Maybe "StrictModes yes|no|group"?  Or make StrictModes accept a umask-like
syntax ("StrictModes 002")?



