diff options
| author | Ben Lindstrom <mouring@eviladmin.org> | 2002-08-01 01:28:38 +0000 |
|---|---|---|
| committer | Ben Lindstrom <mouring@eviladmin.org> | 2002-08-01 01:28:38 +0000 |
| commit | 5d860f02ca352cd8e51fe266cc2e1b5d58704964 (patch) | |
| tree | 72fd795930f9ce2773dfd3f61c4d3d46c638c850 | |
| parent | 4b99be899cc47064c13d8beabc32fe5c3a8f94b5 (diff) | |
- markus@cvs.openbsd.org 2002/07/30 17:03:55
[auth-options.c servconf.c servconf.h session.c sshd_config sshd_config.5]
add PermitUserEnvironment (off by default!); from dot@dotat.at;
ok provos, deraadt
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | auth-options.c | 5 | ||||
| -rw-r--r-- | servconf.c | 12 | ||||
| -rw-r--r-- | servconf.h | 3 | ||||
| -rw-r--r-- | session.c | 4 | ||||
| -rw-r--r-- | sshd_config | 3 | ||||
| -rw-r--r-- | sshd_config.5 | 17 |
7 files changed, 40 insertions, 10 deletions
| @@ -18,6 +18,10 @@ | |||
| 18 | - markus@cvs.openbsd.org 2002/07/29 18:57:30 | 18 | - markus@cvs.openbsd.org 2002/07/29 18:57:30 |
| 19 | [sshconnect.c] | 19 | [sshconnect.c] |
| 20 | print file:line | 20 | print file:line |
| 21 | - markus@cvs.openbsd.org 2002/07/30 17:03:55 | ||
| 22 | [auth-options.c servconf.c servconf.h session.c sshd_config sshd_config.5] | ||
| 23 | add PermitUserEnvironment (off by default!); from dot@dotat.at; | ||
| 24 | ok provos, deraadt | ||
| 21 | 25 | ||
| 22 | 20020730 | 26 | 20020730 |
| 23 | - (bal) [uidswap.c] SCO compile correction by gert@greenie.muc.de | 27 | - (bal) [uidswap.c] SCO compile correction by gert@greenie.muc.de |
| @@ -1486,4 +1490,4 @@ | |||
| 1486 | - (stevesk) entropy.c: typo in debug message | 1490 | - (stevesk) entropy.c: typo in debug message |
| 1487 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ | 1491 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ |
| 1488 | 1492 | ||
| 1489 | $Id: ChangeLog,v 1.2412 2002/08/01 01:26:29 mouring Exp $ | 1493 | $Id: ChangeLog,v 1.2413 2002/08/01 01:28:38 mouring Exp $ |
diff --git a/auth-options.c b/auth-options.c index 41a29f79c..8595fdc14 100644 --- a/auth-options.c +++ b/auth-options.c | |||
| @@ -10,7 +10,7 @@ | |||
| 10 | */ | 10 | */ |
| 11 | 11 | ||
| 12 | #include "includes.h" | 12 | #include "includes.h" |
| 13 | RCSID("$OpenBSD: auth-options.c,v 1.25 2002/07/21 18:32:20 stevesk Exp $"); | 13 | RCSID("$OpenBSD: auth-options.c,v 1.26 2002/07/30 17:03:55 markus Exp $"); |
| 14 | 14 | ||
| 15 | #include "xmalloc.h" | 15 | #include "xmalloc.h" |
| 16 | #include "match.h" | 16 | #include "match.h" |
| @@ -133,7 +133,8 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
| 133 | goto next_option; | 133 | goto next_option; |
| 134 | } | 134 | } |
| 135 | cp = "environment=\""; | 135 | cp = "environment=\""; |
| 136 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { | 136 | if (options.permit_user_env && |
| 137 | strncasecmp(opts, cp, strlen(cp)) == 0) { | ||
| 137 | char *s; | 138 | char *s; |
| 138 | struct envstring *new_envstring; | 139 | struct envstring *new_envstring; |
| 139 | 140 | ||
diff --git a/servconf.c b/servconf.c index bdf39afb8..50fccdda8 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -10,7 +10,7 @@ | |||
| 10 | */ | 10 | */ |
| 11 | 11 | ||
| 12 | #include "includes.h" | 12 | #include "includes.h" |
| 13 | RCSID("$OpenBSD: servconf.c,v 1.112 2002/06/23 09:46:51 deraadt Exp $"); | 13 | RCSID("$OpenBSD: servconf.c,v 1.113 2002/07/30 17:03:55 markus Exp $"); |
| 14 | 14 | ||
| 15 | #if defined(KRB4) | 15 | #if defined(KRB4) |
| 16 | #include <krb.h> | 16 | #include <krb.h> |
| @@ -101,6 +101,7 @@ initialize_server_options(ServerOptions *options) | |||
| 101 | options->kbd_interactive_authentication = -1; | 101 | options->kbd_interactive_authentication = -1; |
| 102 | options->challenge_response_authentication = -1; | 102 | options->challenge_response_authentication = -1; |
| 103 | options->permit_empty_passwd = -1; | 103 | options->permit_empty_passwd = -1; |
| 104 | options->permit_user_env = -1; | ||
| 104 | options->use_login = -1; | 105 | options->use_login = -1; |
| 105 | options->compression = -1; | 106 | options->compression = -1; |
| 106 | options->allow_tcp_forwarding = -1; | 107 | options->allow_tcp_forwarding = -1; |
| @@ -223,6 +224,8 @@ fill_default_server_options(ServerOptions *options) | |||
| 223 | options->challenge_response_authentication = 1; | 224 | options->challenge_response_authentication = 1; |
| 224 | if (options->permit_empty_passwd == -1) | 225 | if (options->permit_empty_passwd == -1) |
| 225 | options->permit_empty_passwd = 0; | 226 | options->permit_empty_passwd = 0; |
| 227 | if (options->permit_user_env == -1) | ||
| 228 | options->permit_user_env = 0; | ||
| 226 | if (options->use_login == -1) | 229 | if (options->use_login == -1) |
| 227 | options->use_login = 0; | 230 | options->use_login = 0; |
| 228 | if (options->compression == -1) | 231 | if (options->compression == -1) |
| @@ -291,7 +294,7 @@ typedef enum { | |||
| 291 | sPrintMotd, sPrintLastLog, sIgnoreRhosts, | 294 | sPrintMotd, sPrintLastLog, sIgnoreRhosts, |
| 292 | sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, | 295 | sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, |
| 293 | sStrictModes, sEmptyPasswd, sKeepAlives, | 296 | sStrictModes, sEmptyPasswd, sKeepAlives, |
| 294 | sUseLogin, sAllowTcpForwarding, sCompression, | 297 | sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, |
| 295 | sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, | 298 | sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, |
| 296 | sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, | 299 | sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, |
| 297 | sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups, | 300 | sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups, |
| @@ -354,6 +357,7 @@ static struct { | |||
| 354 | { "xauthlocation", sXAuthLocation }, | 357 | { "xauthlocation", sXAuthLocation }, |
| 355 | { "strictmodes", sStrictModes }, | 358 | { "strictmodes", sStrictModes }, |
| 356 | { "permitemptypasswords", sEmptyPasswd }, | 359 | { "permitemptypasswords", sEmptyPasswd }, |
| 360 | { "permituserenvironment", sPermitUserEnvironment }, | ||
| 357 | { "uselogin", sUseLogin }, | 361 | { "uselogin", sUseLogin }, |
| 358 | { "compression", sCompression }, | 362 | { "compression", sCompression }, |
| 359 | { "keepalive", sKeepAlives }, | 363 | { "keepalive", sKeepAlives }, |
| @@ -713,6 +717,10 @@ parse_flag: | |||
| 713 | intptr = &options->permit_empty_passwd; | 717 | intptr = &options->permit_empty_passwd; |
| 714 | goto parse_flag; | 718 | goto parse_flag; |
| 715 | 719 | ||
| 720 | case sPermitUserEnvironment: | ||
| 721 | intptr = &options->permit_user_env; | ||
| 722 | goto parse_flag; | ||
| 723 | |||
| 716 | case sUseLogin: | 724 | case sUseLogin: |
| 717 | intptr = &options->use_login; | 725 | intptr = &options->use_login; |
| 718 | goto parse_flag; | 726 | goto parse_flag; |
diff --git a/servconf.h b/servconf.h index c94f541d0..024987dd6 100644 --- a/servconf.h +++ b/servconf.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: servconf.h,v 1.58 2002/06/20 23:05:55 markus Exp $ */ | 1 | /* $OpenBSD: servconf.h,v 1.59 2002/07/30 17:03:55 markus Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| @@ -97,6 +97,7 @@ typedef struct { | |||
| 97 | int challenge_response_authentication; | 97 | int challenge_response_authentication; |
| 98 | int permit_empty_passwd; /* If false, do not permit empty | 98 | int permit_empty_passwd; /* If false, do not permit empty |
| 99 | * passwords. */ | 99 | * passwords. */ |
| 100 | int permit_user_env; /* If true, read ~/.ssh/environment */ | ||
| 100 | int use_login; /* If true, login(1) is used */ | 101 | int use_login; /* If true, login(1) is used */ |
| 101 | int compression; /* If true, compression is allowed */ | 102 | int compression; /* If true, compression is allowed */ |
| 102 | int allow_tcp_forwarding; | 103 | int allow_tcp_forwarding; |
| @@ -33,7 +33,7 @@ | |||
| 33 | */ | 33 | */ |
| 34 | 34 | ||
| 35 | #include "includes.h" | 35 | #include "includes.h" |
| 36 | RCSID("$OpenBSD: session.c,v 1.145 2002/07/22 11:03:06 markus Exp $"); | 36 | RCSID("$OpenBSD: session.c,v 1.146 2002/07/30 17:03:55 markus Exp $"); |
| 37 | 37 | ||
| 38 | #include "ssh.h" | 38 | #include "ssh.h" |
| 39 | #include "ssh1.h" | 39 | #include "ssh1.h" |
| @@ -1065,7 +1065,7 @@ do_setup_env(Session *s, const char *shell) | |||
| 1065 | auth_sock_name); | 1065 | auth_sock_name); |
| 1066 | 1066 | ||
| 1067 | /* read $HOME/.ssh/environment. */ | 1067 | /* read $HOME/.ssh/environment. */ |
| 1068 | if (!options.use_login) { | 1068 | if (options.permit_user_env && !options.use_login) { |
| 1069 | snprintf(buf, sizeof buf, "%.200s/.ssh/environment", | 1069 | snprintf(buf, sizeof buf, "%.200s/.ssh/environment", |
| 1070 | pw->pw_dir); | 1070 | pw->pw_dir); |
| 1071 | read_environment_file(&env, &envsize, buf); | 1071 | read_environment_file(&env, &envsize, buf); |
diff --git a/sshd_config b/sshd_config index 24c4e059e..f20d812ee 100644 --- a/sshd_config +++ b/sshd_config | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: sshd_config,v 1.56 2002/06/20 23:37:12 markus Exp $ | 1 | # $OpenBSD: sshd_config,v 1.57 2002/07/30 17:03:55 markus Exp $ |
| 2 | 2 | ||
| 3 | # This is the sshd server system-wide configuration file. See | 3 | # This is the sshd server system-wide configuration file. See |
| 4 | # sshd_config(5) for more information. | 4 | # sshd_config(5) for more information. |
| @@ -81,6 +81,7 @@ | |||
| 81 | #KeepAlive yes | 81 | #KeepAlive yes |
| 82 | #UseLogin no | 82 | #UseLogin no |
| 83 | #UsePrivilegeSeparation yes | 83 | #UsePrivilegeSeparation yes |
| 84 | #PermitUserEnvironment no | ||
| 84 | #Compression yes | 85 | #Compression yes |
| 85 | 86 | ||
| 86 | #MaxStartups 10 | 87 | #MaxStartups 10 |
diff --git a/sshd_config.5 b/sshd_config.5 index 6625865ef..f43b2bb9b 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
| @@ -34,7 +34,7 @@ | |||
| 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 36 | .\" | 36 | .\" |
| 37 | .\" $OpenBSD: sshd_config.5,v 1.5 2002/07/09 17:46:25 stevesk Exp $ | 37 | .\" $OpenBSD: sshd_config.5,v 1.6 2002/07/30 17:03:55 markus Exp $ |
| 38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
| 39 | .Dt SSHD_CONFIG 5 | 39 | .Dt SSHD_CONFIG 5 |
| 40 | .Os | 40 | .Os |
| @@ -465,6 +465,21 @@ for root. | |||
| 465 | If this option is set to | 465 | If this option is set to |
| 466 | .Dq no | 466 | .Dq no |
| 467 | root is not allowed to login. | 467 | root is not allowed to login. |
| 468 | .It Cm PermitUserEnvironment | ||
| 469 | Specifies whether | ||
| 470 | .Pa ~/.ssh/environment | ||
| 471 | is read by | ||
| 472 | .Nm sshd | ||
| 473 | and whether | ||
| 474 | .Cm environment= | ||
| 475 | options in | ||
| 476 | .Pa ~/.ssh/authorized_keys | ||
| 477 | files are permitted. | ||
| 478 | The default is | ||
| 479 | .Dq no . | ||
| 480 | This option is useful for locked-down installations where | ||
| 481 | .Ev LD_PRELOAD | ||
| 482 | and suchlike can cause security problems. | ||
| 468 | .It Cm PidFile | 483 | .It Cm PidFile |
| 469 | Specifies the file that contains the process ID of the | 484 | Specifies the file that contains the process ID of the |
| 470 | .Nm sshd | 485 | .Nm sshd |