Use of non-user readable (null password) private keys
Piete Brooks
Piete.Brooks at cl.cam.ac.uk
Wed Mar 28 22:20:33 EST 2001
>> 2) How about `if owned by root, can be readable by others' (root is no bozo)
> root is :)
:-(
>> 4) ... and has the sticky bit set
> this seems a simple solution....
OK -- so remove the `root' requirement, remove the `not readable by user', and
just go with `some set of 07000 bits set' -- I would suggest not all, so how
about must have setuid and sticky, but not setgid ?
... in fact (logically) a one liner :-)
-------------- next part --------------
--- authfile.c-DIST Sat Oct 14 06:23:11 2000
+++ authfile.c Wed Mar 28 12:21:23 2001
@@ -50,6 +50,13 @@
#include "ssh.h"
#include "key.h"
+#ifndef KEY_FILE_MASK
+/* If a file is owned by root, and masking its perms with MASK gives VAL,
+ * then assume that the person who created it knew what they were doing */
+#define KEY_FILE_MASK 07033
+#define KEY_FILE_VAL 05000
+#endif
+
/* Version identification string for identity files. */
#define AUTHFILE_ID_STRING "SSH PRIVATE KEY FILE FORMAT 1.1\n"
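Review bot: the `#ifndef KEY_FILE_MASK` guard covers both defines, so building with only KEY_FILE_MASK overridden leaves KEY_FILE_VAL undefined, and overriding only KEY_FILE_VAL collides with the definition here. Give each macro its own `#ifndef`/`#endif` pair. The comment should also say what the bits mean: 05000 is setuid plus sticky with setgid clear, and the 033 part of the mask requires that group and other have neither write nor execute, which leaves group/other read as the only extra access allowed. The "owned by root" wording does not match the test in the second hunk, which applies the mask without looking at the owner, so either the comment or the condition needs to change.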
@@ -485,7 +492,7 @@
#endif
if (fstat(fd, &st) < 0 ||
(st.st_uid != 0 && st.st_uid != getuid()) ||
- (st.st_mode & 077) != 0) {
+ ((st.st_mode & 077) != 0 && (st.st_mode & KEY_FILE_MASK) != KEY_FILE_VAL)) {
close(fd);
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @");
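Review bot: the new exemption on the `(st.st_mode & KEY_FILE_MASK) != KEY_FILE_VAL` line is not tied to ownership, so it applies equally when `st.st_uid == getuid()` and when the file is owned by root. That matches the "remove the `root' requirement" proposal in the message but contradicts the comment added above the defines. If the override is meant for any owner, fix the comment. If it is meant for root-owned files only, add `st.st_uid == 0 &&` to the mask comparison. Since a group- or world-readable private key is then accepted with no output at all, a debug or log line on the path where the mask match suppresses the warning would make it visible that the override was used. The changed line also runs well past 80 columns and would read better wrapped after the `&&`.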