[Bug 1089] StrictModes needs runtime granularity
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Mon Sep 26 16:27:58 EST 2005
http://bugzilla.mindrot.org/show_bug.cgi?id=1089
------- Additional Comments From dtucker at zip.com.au 2005-09-26 16:27 -------
(In reply to comment #2)
> "Even if StrictModes is enabled, though, it can be defeated... First, sshd can
> be compiled with the flag -- enable-group-writeability"
There's certainly no such option in the current version:
$ grep group-writeability configure.ac
$
and there's no mention of it in the cvs history either. It's possible that some
vendors add somthing along those lines, though.
> In short, though, regardless of the existence or lack thereof of such a flag,
> I would like to be able to make group-writable acceptable to StrictModes
> without having to turn StrictModes off and (so far) I have found no way to do
> this, hence my feature request.
Maybe "StrictModes yes|no|group"? Or make StrictModes accept a umask-like
syntax ("StrictModes 002")?
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list