From c27bb69e547de6c17f49b6703a61a009fb862be2 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Sat, 1 Aug 2009 13:40:11 -0400
Subject: [PATCH] attempting to resolve MS #675

---
 packaging/debian/changelog | 2 ++
 src/share/checkperms       | 8 ++++++++
 2 files changed, 10 insertions(+)

diff --git a/packaging/debian/changelog b/packaging/debian/changelog
index eda81d8..a13a70d 100644
--- a/packaging/debian/changelog
+++ b/packaging/debian/changelog
@@ -9,6 +9,8 @@ monkeysphere (0.26~pre-1) unstable; urgency=low
       (Closes: #527765)
     - do permissions checks with a perl script instead of non-portable
       readlink GNUisms
+    - bail on permissions check if we hit the home directory (helpful on
+      Mac OS and other systems with loose /home or /Users (closes MS #675)
 
  -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Sat, 01 Aug 2009 13:21:43 -0400
 
diff --git a/src/share/checkperms b/src/share/checkperms
index 731790e..c93113e 100755
--- a/src/share/checkperms
+++ b/src/share/checkperms
@@ -81,6 +81,14 @@ sub permissions_ok {
     return sprintf("improper other writability on '%s'", $path);
   }
 
+  # see the rationalization in secure_filename() in auth.c in the
+  # OpenSSH sources for an explanation of this bailout (see also
+  # monkeysphere #675):
+  if ($path eq $user->dir) {
+    debug("stopping at the %s's home directory '%s'\n", $user->name, $path);
+    return undef;
+  }
+
   my $nextlevel = dirname($path);
   if ($path eq $nextlevel) { # we bottom out at the root (/ in UNIX)
     return undef;
-- 
2.25.1