From aaf4b0e8196c3b3a432105d8767ee542507a9cd4 Mon Sep 17 00:00:00 2001 From: djm Date: Thu, 2 Apr 2026 07:42:16 +0000 Subject: [PATCH] when downloading files as root in legacy (-O) mode and without the -p (preserve modes) flag set, clear setuid/setgid bits from downloaded files as one might expect. AFAIK this bug dates back to the original Berkeley rcp program. Reported by Christos Papakonstantinou of Cantina and Spearbit. --- usr.bin/ssh/scp.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/usr.bin/ssh/scp.c b/usr.bin/ssh/scp.c index 2ac5183d998..600b727acdc 100644 --- a/usr.bin/ssh/scp.c +++ b/usr.bin/ssh/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.272 2026/02/08 19:54:31 dtucker Exp $ */ +/* $OpenBSD: scp.c,v 1.273 2026/04/02 07:42:16 djm Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -1637,8 +1637,10 @@ sink(int argc, char **argv, const char *src) setimes = targisdir = 0; mask = umask(0); - if (!pflag) + if (!pflag) { + mask |= 07000; (void) umask(mask); + } if (argc != 1) { run_err("ambiguous target"); exit(1);