[Bug 954620] Re: SSH StrictModes does not work correctly

Rodney Beede 954620 at bugs.launchpad.net
Wed Mar 12 15:34:24 UTC 2014


Debian has a Debian-specific patch (user-group-modes.patch) that changes
the behavior compared to the upstream version of OpenSSH.

If a user ssh file or directory has a group write bit set and that group
has no other members besides the user then sshd now allows the use of
the ssh file or directory.

I've confirmed this behavior in Ubuntu 12.04.

Upstream, the change was not accepted for security reasons and because other
distros may not have per-user groups like Debian.


See also:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347

https://bugzilla.mindrot.org/show_bug.cgi?id=1060


** Bug watch added: Debian Bug tracker #314347
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347

** Bug watch added: OpenSSH Portable Bugzilla #1060
   https://bugzilla.mindrot.org/show_bug.cgi?id=1060

** Changed in: openssh (Ubuntu)
       Status: Confirmed => Fix Released


Title:
  SSH StrictModes does not work correctly

Status in “openssh” package in Ubuntu:
  Fix Released

Bug description:
  When StrictModes is set to yes in /etc/ssh/sshd_config, I am still
  able to successfully log in to my server when .ssh is set to 0775 and
  authorized_keys is set to 0664. It seems that StrictModes is not
  working as it is supposed to.

  This is happening on a fresh install of Ubuntu Server 11.10 64-bit.

  frank@localhost:~$ lsb_release -rd
  Description:    Ubuntu 11.10
  Release:        11.10

  frank@localhost:~$ apt-cache policy openssh-server
  openssh-server:
    Installed: 1:5.8p1-7ubuntu1
    Candidate: 1:5.8p1-7ubuntu1
    Version table:
   *** 1:5.8p1-7ubuntu1 0
          500 http://us.archive.ubuntu.com/ubuntu/ oneiric/main amd64 Packages
          100 /var/lib/dpkg/status

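The behaviour described in the comment above can be audited per account. The following is an added example, not part of the original message and not the code of user-group-modes.patch: it compares the upstream StrictModes rule (path owned by the user or root, no group or other write bit) with the relaxed rule as the comment describes it. The function names `group_members`, `classify` and `audit` are hypothetical.

```python
import grp
import os
import pwd
import stat
import sys


def group_members(gid):
    """Every account in gid: primary (passwd) plus supplementary (group) members."""
    names = {p.pw_name for p in pwd.getpwall() if p.pw_gid == gid}
    try:
        names |= set(grp.getgrgid(gid).gr_mem)
    except KeyError:  # gid has no group entry
        pass
    return names


def classify(mode, owner_uid, user_uid, user, members):
    """Return (upstream_ok, relaxed_ok) for one path's mode and ownership."""
    # Both rules: owner must be the user or root, and no world-write bit.
    if owner_uid not in (0, user_uid) or mode & stat.S_IWOTH:
        return (False, False)
    if not mode & stat.S_IWGRP:
        return (True, True)
    # Group-writable: upstream rejects; the relaxed rule accepts only when
    # the user is the sole member of the owning group.
    return (False, members == {user})


def audit(user):
    """Map home, ~/.ssh and authorized_keys to (upstream_ok, relaxed_ok)."""
    pw = pwd.getpwnam(user)
    ssh_dir = os.path.join(pw.pw_dir, ".ssh")
    results = {}
    for path in (pw.pw_dir, ssh_dir, os.path.join(ssh_dir, "authorized_keys")):
        try:
            st = os.stat(path)
        except OSError:
            continue  # missing path: nothing to judge
        results[path] = classify(st.st_mode, st.st_uid, pw.pw_uid, user,
                                 group_members(st.st_gid))
    return results


if __name__ == "__main__":
    name = sys.argv[1] if len(sys.argv) > 1 else pwd.getpwuid(os.getuid()).pw_name
    for path, (upstream, relaxed) in audit(name).items():
        note = "  <- accepted only under the relaxed rule" if relaxed and not upstream else ""
        print(f"{path}: upstream={upstream} relaxed={relaxed}{note}")
```

Paths flagged as accepted only under the relaxed rule are the ones whose login behaviour depends on group membership rather than on file mode alone.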


