- djm@cvs.openbsd.org 2008/06/26 06:10:09

[sftp-client.c sftp-server.c]
     allow the sftp chmod(2)-equivalent operation to set set[ug]id/sticky
     bits. Note that this only affects explicit setting of modes (e.g. via
     sftp(1)'s chmod command) and not file transfers. (bz#1310)
     ok deraadt@ at c2k8

ChangeLog

@@ -8,6 +8,12 @@
      [key.c]
      add key length to visual fingerprint; zap magical constants;
      ok grunk@ djm@
+   - djm@cvs.openbsd.org 2008/06/26 06:10:09
+     [sftp-client.c sftp-server.c]
+     allow the sftp chmod(2)-equivalent operation to set set[ug]id/sticky
+     bits. Note that this only affects explicit setting of modes (e.g. via
+     sftp(1)'s chmod command) and not file transfers. (bz#1310)
+     ok deraadt@ at c2k8
 
 20080628
  - (djm) [RFC.nroff contrib/cygwin/Makefile contrib/suse/openssh.spec]
@@ -4428,4 +4434,4 @@
    OpenServer 6 and add osr5bigcrypt support so when someone migrates
    passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.5026 2008/06/29 12:45:37 djm Exp $
+$Id: ChangeLog,v 1.5027 2008/06/29 12:46:35 djm Exp $

sftp-client.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-client.c,v 1.85 2008/06/12 20:47:04 djm Exp $ */
+/* $OpenBSD: sftp-client.c,v 1.86 2008/06/26 06:10:09 djm Exp $ */
 /*
  * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
  *
@@ -920,7 +920,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
 	if (a == NULL)
 		return(-1);
 
-	/* XXX: should we preserve set[ug]id? */
+	/* Do not preserve set[ug]id here, as we do not preserve ownership */
 	if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS)
 		mode = a->perm & 0777;
 	else

sftp-server.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-server.c,v 1.83 2008/06/09 13:02:39 dtucker Exp $ */
+/* $OpenBSD: sftp-server.c,v 1.84 2008/06/26 06:10:09 djm Exp $ */
 /*
  * Copyright (c) 2000-2004 Markus Friedl.  All rights reserved.
  *
@@ -763,7 +763,7 @@ process_setstat(void)
 	}
 	if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
 		logit("set \"%s\" mode %04o", name, a->perm);
-		ret = chmod(name, a->perm & 0777);
+		ret = chmod(name, a->perm & 07777);
 		if (ret == -1)
 			status = errno_to_portable(errno);
 	}
@@ -817,9 +817,9 @@ process_fsetstat(void)
 		if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
 			logit("set \"%s\" mode %04o", name, a->perm);
 #ifdef HAVE_FCHMOD
-			ret = fchmod(fd, a->perm & 0777);
+			ret = fchmod(fd, a->perm & 07777);
 #else
-			ret = chmod(name, a->perm & 0777);
+			ret = chmod(name, a->perm & 07777);
 #endif
 			if (ret == -1)
 				status = errno_to_portable(errno);
@@ -970,7 +970,7 @@ process_mkdir(void)
 	name = get_string(NULL);
 	a = get_attrib();
 	mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ?
-	    a->perm & 0777 : 0777;
+	    a->perm & 07777 : 0777;
 	debug3("request %u: mkdir", id);
 	logit("mkdir name \"%s\" mode 0%o", name, mode);
 	ret = mkdir(name, mode);