when downloading files as root in legacy (-O) mode and without the

-p (preserve modes) flag set, clear setuid/setgid bits from
downloaded files as one might expect.

AFAIK this bug dates back to the original Berkeley rcp program.

Reported by Christos Papakonstantinou of Cantina and Spearbit.

usr.bin/ssh/scp.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: scp.c,v 1.272 2026/02/08 19:54:31 dtucker Exp $ */
+/* $OpenBSD: scp.c,v 1.273 2026/04/02 07:42:16 djm Exp $ */
 /*
  * scp - secure remote copy.  This is basically patched BSD rcp which
  * uses ssh to do the data transfer (instead of using rcmd).
@@ -1637,8 +1637,10 @@ sink(int argc, char **argv, const char *src)
 
 	setimes = targisdir = 0;
 	mask = umask(0);
-	if (!pflag)
+	if (!pflag) {
+		mask |= 07000;
 		(void) umask(mask);
+	}
 	if (argc != 1) {
 		run_err("ambiguous target");
 		exit(1);