- djm@cvs.openbsd.org 2008/03/26 21:28:14

[auth-options.c auth-options.h session.c sshd.8] add no-user-rc authorized_keys option to disable execution of ~/.ssh/rc
author: Damien Miller <djm@mindrot.org> 2008-03-27 11:03:05 +1100
committer: Damien Miller <djm@mindrot.org> 2008-03-27 11:03:05 +1100
commit: 95e80955f27d55c7a02724e72bdcb1a4ca619f25 (patch)
tree: 1fa829fa8a4d5aa4ae93ab18b3b2f7a141e04cb9
parent: 55360e1ceb62c341d5c380bf6d94050d17f59930 (diff)
5 files changed, 23 insertions, 7 deletions
diff --git a/ChangeLog b/ChangeLog
index c9b1ec67a..7da2b8b82 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -40,6 +40,9 @@
   - djm@cvs.openbsd.org 2008/03/25 23:01:41
     [session.c]
     last patch had backwards test; spotted by termim AT gmail.com
+   - djm@cvs.openbsd.org 2008/03/26 21:28:14
+     [auth-options.c auth-options.h session.c sshd.8]
+     add no-user-rc authorized_keys option to disable execution of ~/.ssh/rc
 20080315
 - (djm) [regress/test-exec.sh] Quote putty-related variables in case they are
@@ -3808,4 +3811,4 @@
   OpenServer 6 and add osr5bigcrypt support so when someone migrates
   passwords between UnixWare and OpenServer they will still work. OK dtucker@
-$Id: ChangeLog,v 1.4888 2008/03/27 00:02:27 djm Exp $
+$Id: ChangeLog,v 1.4889 2008/03/27 00:03:05 djm Exp $
diff --git a/auth-options.c b/auth-options.c
index ca5e1c931..6e2256961 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.40 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth-options.c,v 1.41 2008/03/26 21:28:14 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -42,6 +42,7 @@ int no_port_forwarding_flag = 0;
 int no_agent_forwarding_flag = 0;
 int no_x11_forwarding_flag = 0;
 int no_pty_flag = 0;
+int no_user_rc = 0;
 /* "command=" option. */
 char *forced_command = NULL;
@@ -61,6 +62,7 @@ auth_clear_options(void)
        no_port_forwarding_flag = 0;
        no_pty_flag = 0;
        no_x11_forwarding_flag = 0;
+        no_user_rc = 0;
        while (custom_environment) {
                struct envstring *ce = custom_environment;
                custom_environment = ce->next;
@@ -121,6 +123,13 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
                        opts += strlen(cp);
                        goto next_option;
                }
+                cp = "no-user-rc";
+                if (strncasecmp(opts, cp, strlen(cp)) == 0) {
+                        auth_debug_add("User rc file execution disabled.");
+                        no_user_rc = 1;
+                        opts += strlen(cp);
+                        goto next_option;
+                }
                cp = "command=\"";
                if (strncasecmp(opts, cp, strlen(cp)) == 0) {
                        opts += strlen(cp);
diff --git a/auth-options.h b/auth-options.h
index 853f8b517..14488f72d 100644
--- a/auth-options.h
+++ b/auth-options.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.h,v 1.16 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth-options.h,v 1.17 2008/03/26 21:28:14 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -26,6 +26,7 @@ extern int no_port_forwarding_flag;
 extern int no_agent_forwarding_flag;
 extern int no_x11_forwarding_flag;
 extern int no_pty_flag;
+extern int no_user_rc;
 extern char *forced_command;
 extern struct envstring *custom_environment;
 extern int forced_tun_device;
diff --git a/session.c b/session.c
index 6d9e36e46..a77dde38f 100644
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.232 2008/03/25 23:01:41 djm Exp $ */
+/* $OpenBSD: session.c,v 1.233 2008/03/26 21:28:14 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
@@ -1204,7 +1204,7 @@ do_rc_files(Session *s, const char *shell)
        /* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */
        if (!s->is_subsystem && options.adm_forced_command == NULL &&
-            (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
+            !no_user_rc &&  (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
                snprintf(cmd, sizeof cmd, "%s -c '%s %s'",
                    shell, _PATH_BSHELL, _PATH_SSH_USER_RC);
                if (debug_flag)
diff --git a/sshd.8 b/sshd.8
index b91ca4fc7..cc44e5471 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.239 2008/02/11 07:58:28 jmc Exp $
+.\" $OpenBSD: sshd.8,v 1.240 2008/03/26 21:28:14 djm Exp $
-.Dd $Mdocdate: February 11 2008 $
+.Dd $Mdocdate: March 26 2008 $
 .Dt SSHD 8
 .Os
 .Sh NAME
@@ -531,6 +531,9 @@ This might be used, e.g. in connection with the
 option.
 .It Cm no-pty
 Prevents tty allocation (a request to allocate a pty will fail).
+.It Cm no-user-rc
+Disables execution of 
+.Pa ~/.ssh/rc .
 .It Cm no-X11-forwarding
 Forbids X11 forwarding when this key is used for authentication.
 Any X11 forward requests by the client will return an error.
author	Damien Miller <djm@mindrot.org>	2008-03-27 11:03:05 +1100
committer	Damien Miller <djm@mindrot.org>	2008-03-27 11:03:05 +1100
commit	95e80955f27d55c7a02724e72bdcb1a4ca619f25 (patch)
tree	1fa829fa8a4d5aa4ae93ab18b3b2f7a141e04cb9
parent	55360e1ceb62c341d5c380bf6d94050d17f59930 (diff)