attempting to resolve MS #675

diff --git a/packaging/debian/changelog b/packaging/debian/changelog
index eda81d802490b7e4a4b3b666cfe5937c3298f972..a13a70de1ac6c87ef57e606c1146c832a9281aeb 100644 (file)
--- a/packaging/debian/changelog
+++ b/packaging/debian/changelog
@@ -9,6 +9,8 @@ monkeysphere (0.26~pre-1) unstable; urgency=low
       (Closes: #527765)
     - do permissions checks with a perl script instead of non-portable
       readlink GNUisms
       (Closes: #527765)
     - do permissions checks with a perl script instead of non-portable
       readlink GNUisms

+    - bail on permissions check if we hit the home directory (helpful on
+      Mac OS and other systems with loose /home or /Users (closes MS #675)

 
  -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Sat, 01 Aug 2009 13:21:43 -0400
 
 
  -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Sat, 01 Aug 2009 13:21:43 -0400
 

diff --git a/src/share/checkperms b/src/share/checkperms
index 731790e1d7c03a084cbbd2cca0e950535588f62a..c93113ec66708f81ab82fc8755b2ddc942b8b1c2 100755 (executable)
--- a/src/share/checkperms
+++ b/src/share/checkperms
@@ -81,6 +81,14 @@ sub permissions_ok {
     return sprintf("improper other writability on '%s'", $path);
   }
 
     return sprintf("improper other writability on '%s'", $path);
   }
 

+  # see the rationalization in secure_filename() in auth.c in the
+  # OpenSSH sources for an explanation of this bailout (see also
+  # monkeysphere #675):
+  if ($path eq $user->dir) {
+    debug("stopping at the %s's home directory '%s'\n", $user->name, $path);
+    return undef;
+  }
+

   my $nextlevel = dirname($path);
   if ($path eq $nextlevel) { # we bottom out at the root (/ in UNIX)
     return undef;
   my $nextlevel = dirname($path);
   if ($path eq $nextlevel) { # we bottom out at the root (/ in UNIX)
     return undef;