diff options
| author | Colin Watson <cjwatson@debian.org> | 2008-04-06 11:14:35 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2008-04-06 11:14:35 +0000 |
| commit | 0df2e6b41de8b35845aa2f297ef8d39b85ba3d47 (patch) | |
| tree | 70f474ce5abb6147c4a45ce9b00b34797e6a4f44 | |
| parent | bfb5ee9d4b1a9dae5bc984975a9cf6c07a86492f (diff) | |
Backport from 4.9p1:
- Ignore ~/.ssh/rc if a sshd_config ForcedCommand is specified (see
http://www.securityfocus.com/bid/28531/info).
- Add no-user-rc authorized_keys option to disable execution of
~/.ssh/rc.
| -rw-r--r-- | auth-options.c | 9 | ||||
| -rw-r--r-- | auth-options.h | 1 | ||||
| -rw-r--r-- | debian/changelog | 5 | ||||
| -rw-r--r-- | session.c | 5 | ||||
| -rw-r--r-- | sshd.8 | 3 | ||||
| -rw-r--r-- | sshd_config.5 | 4 |
6 files changed, 24 insertions, 3 deletions
diff --git a/auth-options.c b/auth-options.c index ca5e1c931..8f9df7a76 100644 --- a/auth-options.c +++ b/auth-options.c | |||
| @@ -42,6 +42,7 @@ int no_port_forwarding_flag = 0; | |||
| 42 | int no_agent_forwarding_flag = 0; | 42 | int no_agent_forwarding_flag = 0; |
| 43 | int no_x11_forwarding_flag = 0; | 43 | int no_x11_forwarding_flag = 0; |
| 44 | int no_pty_flag = 0; | 44 | int no_pty_flag = 0; |
| 45 | int no_user_rc = 0; | ||
| 45 | 46 | ||
| 46 | /* "command=" option. */ | 47 | /* "command=" option. */ |
| 47 | char *forced_command = NULL; | 48 | char *forced_command = NULL; |
| @@ -61,6 +62,7 @@ auth_clear_options(void) | |||
| 61 | no_port_forwarding_flag = 0; | 62 | no_port_forwarding_flag = 0; |
| 62 | no_pty_flag = 0; | 63 | no_pty_flag = 0; |
| 63 | no_x11_forwarding_flag = 0; | 64 | no_x11_forwarding_flag = 0; |
| 65 | no_user_rc = 0; | ||
| 64 | while (custom_environment) { | 66 | while (custom_environment) { |
| 65 | struct envstring *ce = custom_environment; | 67 | struct envstring *ce = custom_environment; |
| 66 | custom_environment = ce->next; | 68 | custom_environment = ce->next; |
| @@ -121,6 +123,13 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
| 121 | opts += strlen(cp); | 123 | opts += strlen(cp); |
| 122 | goto next_option; | 124 | goto next_option; |
| 123 | } | 125 | } |
| 126 | cp = "no-user-rc"; | ||
| 127 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { | ||
| 128 | auth_debug_add("User rc file execution disabled."); | ||
| 129 | no_user_rc = 1; | ||
| 130 | opts += strlen(cp); | ||
| 131 | goto next_option; | ||
| 132 | } | ||
| 124 | cp = "command=\""; | 133 | cp = "command=\""; |
| 125 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { | 134 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
| 126 | opts += strlen(cp); | 135 | opts += strlen(cp); |
diff --git a/auth-options.h b/auth-options.h index 853f8b517..86583cc47 100644 --- a/auth-options.h +++ b/auth-options.h | |||
| @@ -26,6 +26,7 @@ extern int no_port_forwarding_flag; | |||
| 26 | extern int no_agent_forwarding_flag; | 26 | extern int no_agent_forwarding_flag; |
| 27 | extern int no_x11_forwarding_flag; | 27 | extern int no_x11_forwarding_flag; |
| 28 | extern int no_pty_flag; | 28 | extern int no_pty_flag; |
| 29 | extern int no_user_rc; | ||
| 29 | extern char *forced_command; | 30 | extern char *forced_command; |
| 30 | extern struct envstring *custom_environment; | 31 | extern struct envstring *custom_environment; |
| 31 | extern int forced_tun_device; | 32 | extern int forced_tun_device; |
diff --git a/debian/changelog b/debian/changelog index b08532cc3..0556949c4 100644 --- a/debian/changelog +++ b/debian/changelog | |||
| @@ -5,6 +5,11 @@ openssh (1:4.7p1-8) UNRELEASED; urgency=low | |||
| 5 | configurations (LP: #211400). | 5 | configurations (LP: #211400). |
| 6 | * Tweak scp's reporting of filenames in verbose mode to be a bit less | 6 | * Tweak scp's reporting of filenames in verbose mode to be a bit less |
| 7 | confusing with spaces (thanks, Nicolas Valcárcel; LP: #89945). | 7 | confusing with spaces (thanks, Nicolas Valcárcel; LP: #89945). |
| 8 | * Backport from 4.9p1: | ||
| 9 | - Ignore ~/.ssh/rc if a sshd_config ForcedCommand is specified (see | ||
| 10 | http://www.securityfocus.com/bid/28531/info). | ||
| 11 | - Add no-user-rc authorized_keys option to disable execution of | ||
| 12 | ~/.ssh/rc. | ||
| 8 | 13 | ||
| 9 | -- Colin Watson <cjwatson@debian.org> Tue, 01 Apr 2008 14:12:43 +0100 | 14 | -- Colin Watson <cjwatson@debian.org> Tue, 01 Apr 2008 14:12:43 +0100 |
| 10 | 15 | ||
| @@ -1201,8 +1201,9 @@ do_rc_files(Session *s, const char *shell) | |||
| 1201 | do_xauth = | 1201 | do_xauth = |
| 1202 | s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL; | 1202 | s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL; |
| 1203 | 1203 | ||
| 1204 | /* ignore _PATH_SSH_USER_RC for subsystems */ | 1204 | /* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */ |
| 1205 | if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) { | 1205 | if (!s->is_subsystem && options.adm_forced_command == NULL && |
| 1206 | !no_user_rc && (stat(_PATH_SSH_USER_RC, &st) >= 0)) { | ||
| 1206 | snprintf(cmd, sizeof cmd, "%s -c '%s %s'", | 1207 | snprintf(cmd, sizeof cmd, "%s -c '%s %s'", |
| 1207 | shell, _PATH_BSHELL, _PATH_SSH_USER_RC); | 1208 | shell, _PATH_BSHELL, _PATH_SSH_USER_RC); |
| 1208 | if (debug_flag) | 1209 | if (debug_flag) |
| @@ -534,6 +534,9 @@ This might be used, e.g. in connection with the | |||
| 534 | option. | 534 | option. |
| 535 | .It Cm no-pty | 535 | .It Cm no-pty |
| 536 | Prevents tty allocation (a request to allocate a pty will fail). | 536 | Prevents tty allocation (a request to allocate a pty will fail). |
| 537 | .It Cm no-user-rc | ||
| 538 | Disables execution of | ||
| 539 | .Pa ~/.ssh/rc . | ||
| 537 | .It Cm no-X11-forwarding | 540 | .It Cm no-X11-forwarding |
| 538 | Forbids X11 forwarding when this key is used for authentication. | 541 | Forbids X11 forwarding when this key is used for authentication. |
| 539 | Any X11 forward requests by the client will return an error. | 542 | Any X11 forward requests by the client will return an error. |
diff --git a/sshd_config.5 b/sshd_config.5 index fab43af42..a7a7227b2 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
| @@ -311,7 +311,9 @@ for more information on patterns. | |||
| 311 | .It Cm ForceCommand | 311 | .It Cm ForceCommand |
| 312 | Forces the execution of the command specified by | 312 | Forces the execution of the command specified by |
| 313 | .Cm ForceCommand , | 313 | .Cm ForceCommand , |
| 314 | ignoring any command supplied by the client. | 314 | ignoring any command supplied by the client and |
| 315 | .Pa ~/.ssh/rc | ||
| 316 | if present. | ||
| 315 | The command is invoked by using the user's login shell with the -c option. | 317 | The command is invoked by using the user's login shell with the -c option. |
| 316 | This applies to shell, command, or subsystem execution. | 318 | This applies to shell, command, or subsystem execution. |
| 317 | It is most useful inside a | 319 | It is most useful inside a |