bin/176740: [patch] sshd does not honour umask from ~/.login_conf

John Marshall john.marshall at
Fri Mar 8 01:30:01 UTC 2013

>Number:         176740
>Category:       bin
>Synopsis:       [patch] sshd does not honour umask from ~/.login_conf
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Mar 08 01:30:00 UTC 2013
>Originator:     John Marshall
>Release:        FreeBSD 9.1-RELEASE i386
Riverwillow Pty Ltd
System: FreeBSD rwpc15 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243728: Sat Dec 1 17:31:25 AEDT 2012 root at rwpc15:/usr/obj/build/src/sys/RWPC15 i386


If sshd is configured with its default setting of 'UseLogin no', it will
read environment and path values from the user's ~/.login_conf (e.g.
lang and charset) but not any umask value.  Instead, the umask value
from /etc/login.conf is applied.

Setting the server's 'UseLogin' configuration option to 'yes' hands off
that work to login and the user's umask value is retrieved as well, and
is set as expected; but setting UseLogin disables X11Forwarding.

I discovered that crypto/openssh/session.c is restricting the subset of
login_conf settings it will read in user mode so that only environment
and path values will be used.  Is there any reason why umask should not
be included?

I think it is reasonable to expect that setting umask in ~/.login_conf
means that that value will apply to all types of login.  The user
login_conf umask setting is applied when logging in via console
(irrespective of selected shell) and via X but not via sshd.


Add a umask setting to the me: class in ~/.login_conf.  After logging in
at the console or via X, note that the user umask value has been
applied.  Log in via ssh and note that the /etc/login.conf value is
applied instead.  After ssh login, execute login(1) at the shell prompt
and note that the user umask value is now applied.


The attached patch adds umask to the list of user settings which will be
retrieved and applied by sshd.

--- session.c.diff begins here ---
Index: crypto/openssh/session.c
--- crypto/openssh/session.c	(revision 243728)
+++ crypto/openssh/session.c	(working copy)
@@ -1185,7 +1185,7 @@
 		environ = xmalloc(sizeof(char *));
 		*environ = NULL;
 		(void) setusercontext(lc, pw, pw->pw_uid,
 		copy_environment(environ, &env, &envsize);
 		for (var = environ; *var != NULL; ++var)
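Review bot: The `setusercontext(lc, pw, pw->pw_uid,` call on the third line of this hunk is cut off before its flags argument, and the hunk carries no `-` or `+` lines although its header reads `@@ -1185,7 +1185,7 @@`, so the one-line change the description promises cannot be reviewed as posted. Please resend the diff with the removed and added flag lines intact, so it can be confirmed that the umask flag is the only addition to the set applied in user mode. Separately, the call's return value is discarded with `(void)`; if the user's umask is to be applied here, consider logging a failure instead of ignoring it.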
--- session.c.diff ends here ---
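The reproduction steps in the report can be checked from inside a login session with a short script. This is an added example, not part of the original report or of FreeBSD; it assumes the plain `name=value` capability syntax of login.conf(5) without escaped colons, and the sample file contents and function names are constructed for illustration.

```python
import os
import re

# Constructed sample ~/.login_conf (not from the report); the umask value is made up.
SAMPLE_LOGIN_CONF = """\
me:\\
\t:umask=027:\\
\t:lang=en_AU.UTF-8:\\
\t:charset=UTF-8:
"""

def parse_login_conf(text):
    """Return {class_name: {capability: value}} for login.conf-style text."""
    # Drop comment lines, then fold backslash-continued lines into one record.
    lines = [l for l in text.splitlines() if not l.lstrip().startswith("#")]
    folded = re.sub(r"\\\n\s*", "", "\n".join(lines))
    classes = {}
    for record in folded.splitlines():
        fields = [f.strip() for f in record.split(":")]
        if not fields[0]:
            continue
        caps = {}
        for field in filter(None, fields[1:]):
            name, sep, value = field.partition("=")
            caps[name] = value if sep else True  # bare name = boolean capability
        for alias in fields[0].split("|"):
            classes[alias] = caps
    return classes

def configured_umask(text, login_class="me"):
    """Octal umask set for login_class, or None if the class sets none."""
    value = parse_login_conf(text).get(login_class, {}).get("umask")
    return int(value, 8) if isinstance(value, str) else None

def current_umask():
    mask = os.umask(0)  # umask can only be read by setting it
    os.umask(mask)      # restore immediately
    return mask

def check(text, login_class="me"):
    want, have = configured_umask(text, login_class), current_umask()
    if want is None:
        return "no umask set in class %r" % login_class
    status = "honoured" if want == have else "NOT honoured"
    return "%s: configured %03o, session has %03o" % (status, want, have)

if __name__ == "__main__":
    path = os.path.expanduser("~/.login_conf")
    print(check(open(path).read() if os.path.exists(path) else SAMPLE_LOGIN_CONF))
```

Run it once from a console login and once from an ssh login and compare the two results.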

