===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/authfile.c,v
retrieving revision 1.37
retrieving revision 1.38
diff -u -r1.37 -r1.38
--- src/usr.bin/ssh/authfile.c	2001/06/23 15:12:17	1.37
+++ src/usr.bin/ssh/authfile.c	2001/09/23 11:09:13	1.38
@@ -36,7 +36,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: authfile.c,v 1.37 2001/06/23 15:12:17 itojun Exp $");
+RCSID("$OpenBSD: authfile.c,v 1.38 2001/09/23 11:09:13 markus Exp $");
 
 #include <openssl/err.h>
 #include <openssl/evp.h>
@@ -486,15 +486,18 @@
 {
 	struct stat st;
 
-	/* check owner and modes */
-	if (fstat(fd, &st) < 0 ||
-	    (st.st_uid != 0 && getuid() != 0 && st.st_uid != getuid()) ||
-	    (st.st_mode & 077) != 0) {
-		close(fd);
+	if (fstat(fd, &st) < 0)
+		return 0;
+	/*
+	 * if a key owned by the user is accessed, then we check the
+	 * permissions of the file. if the key owned by a different user,
+	 * then we don't care.
+	 */
+	if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) {
 		error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
 		error("@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @");
 		error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
-		error("Bad ownership or mode(0%3.3o) for '%s'.",
+		error("Permissions 0%3.3o for '%s' are too open.",
 		    st.st_mode & 0777, filename);
 		error("It is recommended that your private key files are NOT accessible by others.");
 		error("This private key will be ignored.");