
Add ~/.ssh/id_dsa and ~/.ssh/id_rsa to the "must be owned by user and

not readable by other" block.  Remove ~/.ssh/random_seed as it is
not used in OpenSSH.
Add ~/.ssh/authorized_keys2, and ~/.ssh/known_hosts to the "must be
owned by user and not writable"  block.
OPENBSD_2_9
millert 24 years ago
parent
commit
e2f7d1725e
1 changed files with 5 additions and 4 deletions
  1. +5
    -4
      src/etc/security

+ 5
- 4
src/etc/security

@ -1,6 +1,6 @@
#!/bin/sh - #!/bin/sh -
# #
# $OpenBSD: security,v 1.44 2001/01/31 19:12:10 deraadt Exp $
# $OpenBSD: security,v 1.45 2001/03/16 15:38:13 millert Exp $
# from: @(#)security 8.1 (Berkeley) 6/9/93 # from: @(#)security 8.1 (Berkeley) 6/9/93
# #
@ -374,7 +374,7 @@ fi
# Files that should not be owned by someone else or readable. # Files that should not be owned by someone else or readable.
list=".netrc .rhosts .gnupg/secring.gpg .gnupg/random_seed \ list=".netrc .rhosts .gnupg/secring.gpg .gnupg/random_seed \
.pgp/secring.pgp .shosts .ssh/identity .ssh/random_seed"
.pgp/secring.pgp .shosts .ssh/identity .ssh/id_dsa .ssh/id_rsa"
awk -F: '/^[^+-]/ { print $1 " " $6 }' /etc/passwd | \ awk -F: '/^[^+-]/ { print $1 " " $6 }' /etc/passwd | \
while read uid homedir; do while read uid homedir; do
for f in $list ; do for f in $list ; do
@ -399,8 +399,9 @@ awk '$1 != $5 && $5 != "root" \
list=".bashrc .bash_profile .bash_login .bash_logout .cshrc \ list=".bashrc .bash_profile .bash_login .bash_logout .cshrc \
.emacs .exrc .forward .fvwmrc .inputrc .klogin .kshrc .login \ .emacs .exrc .forward .fvwmrc .inputrc .klogin .kshrc .login \
.logout .nexrc .profile .screenrc .ssh .ssh/config \ .logout .nexrc .profile .screenrc .ssh .ssh/config \
.ssh/authorized_keys .ssh/environment .ssh/known_hosts .ssh/rc \
.tcshrc .twmrc .xsession .xinitrc .Xdefaults .Xauthority"
.ssh/authorized_keys .ssh/authorized_keys2 .ssh/environment \
.ssh/known_hosts .ssh/rc .tcshrc .twmrc .xsession .xinitrc \
.Xdefaults .Xauthority"
awk -F: '/^[^+-]/ { print $1 " " $6 }' /etc/passwd | \ awk -F: '/^[^+-]/ { print $1 " " $6 }' /etc/passwd | \
while read uid homedir; do while read uid homedir; do
for f in $list ; do for f in $list ; do
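Review bot: The not-writable list in the third hunk gains `.ssh/authorized_keys2` but no protocol-2 counterpart for `.ssh/known_hosts`, which the old side of the hunk already listed, so the log message's mention of known_hosts matches no visible change. If the OpenSSH shipped with this tree reads a separate `~/.ssh/known_hosts2` (an assumption to confirm against ssh(1)), a copy writable by another user would let that user change which host keys the owner trusts. In that case the list should include it, for example `.ssh/known_hosts .ssh/known_hosts2 .ssh/rc .tcshrc .twmrc .xsession \` with the remaining names carried onto the next line. The `while read uid homedir` / `for f in $list` loop that consumes the list continues past the end of the hunk, so the ownership and mode tests themselves are not visible for review here.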

