From f2d84f1b3fa68d77c99238d4c645d0266fae2a74 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Wed, 13 May 2020 09:55:57 +0000 Subject: [PATCH] upstream: preserve group/world read permission on known_hosts file across runs of "ssh-keygen -Rf /path". The old behaviour was to remove all rights for group/other. bz#3146 ok dtucker@ OpenBSD-Commit-ID: dc369d0e0b5dd826430c63fd5f4b269953448a8a --- ssh-keygen.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ssh-keygen.c b/ssh-keygen.c index 8c23a54cf..bcf1ece39 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.409 2020/05/02 07:19:43 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.410 2020/05/13 09:55:57 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -1292,6 +1292,7 @@ do_known_hosts(struct passwd *pw, const char *name, int find_host, int r, fd, oerrno, inplace = 0; struct known_hosts_ctx ctx; u_int foreach_options; + struct stat sb; if (!have_identity) { cp = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid); @@ -1301,6 +1302,8 @@ do_known_hosts(struct passwd *pw, const char *name, int find_host, free(cp); have_identity = 1; } + if (stat(identity_file, &sb) != 0) + fatal("Cannot stat %s: %s", identity_file, strerror(errno)); memset(&ctx, 0, sizeof(ctx)); ctx.out = stdout; @@ -1327,6 +1330,7 @@ do_known_hosts(struct passwd *pw, const char *name, int find_host, unlink(tmp); fatal("fdopen: %s", strerror(oerrno)); } + fchmod(fd, sb.st_mode & 0644); inplace = 1; } /* XXX support identity_file == "-" for stdin */