===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/readconf.c,v
retrieving revision 1.128
retrieving revision 1.129
diff -u -r1.128 -r1.129
--- src/usr.bin/ssh/readconf.c 2004/03/05 10:53:58 1.128
+++ src/usr.bin/ssh/readconf.c 2004/04/18 23:10:26 1.129
@@ -12,7 +12,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.128 2004/03/05 10:53:58 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.129 2004/04/18 23:10:26 djm Exp $");
 #include "ssh.h"
 #include "xmalloc.h"
@@ -777,7 +777,8 @@
 */
 int
-read_config_file(const char *filename, const char *host, Options *options)
+read_config_file(const char *filename, const char *host, Options *options,
+ int checkperm)
 {
 FILE *f;
 char line[1024];
@@ -785,9 +786,23 @@
 int bad_options = 0;
 /* Open the file. */
- f = fopen(filename, "r");
- if (!f)
+ if ((f = fopen(filename, "r")) == NULL)
 return 0;
+
+ if (checkperm) {
+ struct stat sb;
+
+ if (fstat(fileno(f), &sb) == -1) {
+ fatal("fstat %s: %s", filename, strerror(errno));
+ fclose(f);
+ return (0);
+ }
+ if (((sb.st_uid != 0 && sb.st_uid != getuid()) ||
+ (sb.st_mode & 022) != 0)) {
+ fatal("Bad owner or permissions on %s", filename);
+ return 0;
+ }
+ }
 debug("Reading configuration data %.200s", filename);
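Review bot: The new `checkperm` parameter in the `read_config_file` signature is not documented in anything this hunk shows. The function's header comment ends on the hunk's first context line and its text is outside the hunk, so I cannot tell whether it was updated elsewhere. I would add a sentence to that comment such as `If checkperm is non-zero, the file must be owned by root or the invoking user and must not be group- or world-writable; otherwise fatal() is called.` That also tells callers the flag turns a readable but badly-permissioned file into a hard failure rather than a return of 0.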
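Review bot: The statements after each `fatal()` call in the new `checkperm` block look unreachable, assuming `fatal()` has its usual OpenSSH meaning of log and exit. That covers `fclose(f); return (0);` in the fstat branch and `return 0;` in the owner/mode branch. The two branches also disagree, since only the first closes `f` and the return style differs, which would leak the stream if `fatal()` were ever changed to return. I would drop the dead lines so each branch is just the call, e.g. `if (fstat(fileno(f), &sb) == -1) fatal("fstat %s: %s", filename, strerror(errno));`. A short comment would also help, such as `/* fstat the open descriptor so the file checked is the file read; only owner and group/other write bits are examined */`. The rest of the function body lies outside the hunk.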