Skip to content
Permalink
Browse files

disallow creation (of empty files) in read-only mode; reported by

Michal Zalewski, feedback & ok deraadt@
  • Loading branch information
djmdjm committed Apr 4, 2017
1 parent f7bf1b9 commit a6981567e8e215acc1ef690c8dbb30f2d9b00a19
Showing with 3 additions and 3 deletions.
  1. +3 −3 usr.bin/ssh/sftp-server.c
@@ -1,4 +1,4 @@
/* $OpenBSD: sftp-server.c,v 1.110 2016/09/12 01:22:38 deraadt Exp $ */
/* $OpenBSD: sftp-server.c,v 1.111 2017/04/04 00:24:56 djm Exp $ */
/*
* Copyright (c) 2000-2004 Markus Friedl. All rights reserved.
*
@@ -683,8 +683,8 @@ process_open(u_int32_t id)
logit("open \"%s\" flags %s mode 0%o",
name, string_from_portable(pflags), mode);
if (readonly &&
((flags & O_ACCMODE) == O_WRONLY ||
(flags & O_ACCMODE) == O_RDWR)) {
((flags & O_ACCMODE) != O_RDONLY ||
(flags & (O_CREAT|O_TRUNC)) != 0)) {
verbose("Refusing open request in read-only mode");
status = SSH2_FX_PERMISSION_DENIED;
} else {

2 comments on commit a698156

@karthikbhat1994

This comment has been minimized.

Copy link

@karthikbhat1994 karthikbhat1994 replied Jun 5, 2018

Hi,

I was working something similar to this. Do you have the steps on how to go about creating zero length files in the read-only mode? Is the file system in the read-only mode or something else that we are talking about here.

Thanks,
Karthik

@sthen

This comment has been minimized.

Copy link
Contributor

@sthen sthen replied Jul 3, 2019

Replying to an old comment because this just came up due to some useless PCI-DSS scan company. This relates to sftp-server's -R flag.

Please sign in to comment.