permissions of the very first known_hosts.old

To: tech-security%netbsd.org@localhost
Subject: permissions of the very first known_hosts.old
From: Valery Ushakov <uwe%stderr.spb.ru@localhost>
Date: Mon, 5 Feb 2024 05:14:00 +0300

I have installed a new disk in my macppc.  On a freshly installed
10.0_RC4 machine with an empty home directory I do "slogin foo".
After that I can see in my newly created ~/.ssh

  -rw-------  1 uwe  uwe  947 Feb  5 05:07 known_hosts
  -rw-r--r--  1 uwe  uwe  101 Feb  5 05:07 known_hosts.old

where known_hosts.old contains the ed25519 key for the host foo and
known_hosts contains all the keys for it.  The permissions of
known_hosts.old is probably not much of a problem b/c the .ssh
directory itself is 0700, but it's still kinda icky.

I'd appreciate it if someone more familiar with ssh could verify this
and report this to upstream properly if that's an upstream bug.  TIA.

-uwe

Prev by Date: /etc/ssh/ssh_known_hosts
Next by Date: NetBSD Security Advisory 2024-001: Inadequate validation of user-supplied hostname in utmp_update(8)
Previous by Thread: /etc/ssh/ssh_known_hosts
Next by Thread: NetBSD Security Advisory 2024-001: Inadequate validation of user-supplied hostname in utmp_update(8)
Indexes:

Home | Main Index | Thread Index | Old Index