disallow creation (of empty files) in read-only mode; reported by
Michal Zalewski, feedback & ok deraadt@
djmdjm committed Apr 4, 2017
1 parent f7bf1b9 commit a698156
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions usr.bin/ssh/sftp-server.c
@@ -1,4 +1,4 @@
/* $OpenBSD: sftp-server.c,v 1.110 2016/09/12 01:22:38 deraadt Exp $ */
/* $OpenBSD: sftp-server.c,v 1.111 2017/04/04 00:24:56 djm Exp $ */
/*
* Copyright (c) 2000-2004 Markus Friedl. All rights reserved.
*
Expand Down Expand Up @@ -683,8 +683,8 @@ process_open(u_int32_t id)
logit("open \"%s\" flags %s mode 0%o",
name, string_from_portable(pflags), mode);
if (readonly &&
((flags & O_ACCMODE) == O_WRONLY ||
(flags & O_ACCMODE) == O_RDWR)) {
((flags & O_ACCMODE) != O_RDONLY ||
(flags & (O_CREAT|O_TRUNC)) != 0)) {
verbose("Refusing open request in read-only mode");
status = SSH2_FX_PERMISSION_DENIED;
} else {
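
Review bot: The new condition after `if (readonly &&` needs a comment saying why `O_CREAT|O_TRUNC` are tested separately from the access mode, because the reason is not visible in the code. An open with `O_RDONLY` passes the `O_ACCMODE` test yet can still create an empty file through `O_CREAT`, which is the case named in the commit message, and POSIX leaves `O_TRUNC` without write access undefined. A one-line comment stating that read-only mode refuses any open that can modify the filesystem, not only write access, would keep a later edit from narrowing the check again. Separately, the request is logged with logit() while the refusal goes through verbose(), so consider logging the denial at the same level so both lines appear together in the log.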

2 comments on commit a698156

@karthikbhat1994

Hi,

I was working on something similar to this. Do you have the steps on how to go about creating zero length files in the read-only mode? Is the file system in the read-only mode or something else that we are talking about here?

Thanks,
Karthik

@sthen
Contributor

@sthen sthen commented on a698156 Jul 3, 2019

Replying to an old comment because this just came up due to some useless PCI-DSS scan company. This relates to sftp-server's -R flag.
