upstream: preserve group/world read permission on known_hosts

file across runs of "ssh-keygen -Rf /path". The old behaviour was to remove all rights for group/other. bz#3146 ok dtucker@ OpenBSD-Commit-ID: dc369d0e0b5dd826430c63fd5f4b269953448a8a
2024-12-18 08:04:40 +00:00 · 2020-05-13 09:55:57 +00:00 · 2020-05-13 09:55:57 +00:00 · f2d84f1b3f
commit f2d84f1b3f
parent 05a651400d
1 changed files with 5 additions and 1 deletions
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.409 2020/05/02 07:19:43 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.410 2020/05/13 09:55:57 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -1292,6 +1292,7 @@ do_known_hosts(struct passwd *pw, const char *name, int find_host,
 	int r, fd, oerrno, inplace = 0;
 	struct known_hosts_ctx ctx;
 	u_int foreach_options;
+	struct stat sb;

 	if (!have_identity) {
 		cp = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid);
@ -1301,6 +1302,8 @@ do_known_hosts(struct passwd *pw, const char *name, int find_host,
 		free(cp);
 		have_identity = 1;
 	}
+	if (stat(identity_file, &sb) != 0)
+		fatal("Cannot stat %s: %s", identity_file, strerror(errno));

 	memset(&ctx, 0, sizeof(ctx));
 	ctx.out = stdout;
@ -1327,6 +1330,7 @@ do_known_hosts(struct passwd *pw, const char *name, int find_host,
 			unlink(tmp);
 			fatal("fdopen: %s", strerror(oerrno));
 		}
+		fchmod(fd, sb.st_mode & 0644);
 		inplace = 1;
 	}
 	/* XXX support identity_file == "-" for stdin */