[Bug 954620] Re: SSH StrictModes does not work correctly
Rodney Beede
954620 at bugs.launchpad.net
Wed Mar 12 15:34:24 UTC 2014
Debian has a Debian specific patch (user-group-modes.patch) that changes
the behavior compared to the upstream version of OpenSSH.
If a user ssh file or directory has a group write bit set and that group
has no other members besides the user then sshd now allows the use of
the ssh file or directory.
I've confirmed this behavior in Ubuntu 12.04.
Upstream the change was not accepted for security reasons and that other
distros may not have per-user groups like Debian.
See also:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347
https://bugzilla.mindrot.org/show_bug.cgi?id=1060
** Bug watch added: Debian Bug tracker #314347
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347
** Bug watch added: OpenSSH Portable Bugzilla #1060
https://bugzilla.mindrot.org/show_bug.cgi?id=1060
** Changed in: openssh (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/954620
Title:
SSH StrictModes does not work correctly
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/954620/+subscriptions
More information about the Ubuntu-server-bugs
mailing list