diff options
| author | Colin Watson <cjwatson@debian.org> | 2008-04-06 11:14:35 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2008-04-06 11:14:35 +0000 |
| commit | 0df2e6b41de8b35845aa2f297ef8d39b85ba3d47 (patch) | |
| tree | 70f474ce5abb6147c4a45ce9b00b34797e6a4f44 /session.c | |
| parent | bfb5ee9d4b1a9dae5bc984975a9cf6c07a86492f (diff) | |
Backport from 4.9p1:
- Ignore ~/.ssh/rc if a sshd_config ForcedCommand is specified (see
http://www.securityfocus.com/bid/28531/info).
- Add no-user-rc authorized_keys option to disable execution of
~/.ssh/rc.
Diffstat (limited to 'session.c')
| -rw-r--r-- | session.c | 5 |
1 files changed, 3 insertions, 2 deletions
| @@ -1201,8 +1201,9 @@ do_rc_files(Session *s, const char *shell) | |||
| 1201 | do_xauth = | 1201 | do_xauth = |
| 1202 | s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL; | 1202 | s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL; |
| 1203 | 1203 | ||
| 1204 | /* ignore _PATH_SSH_USER_RC for subsystems */ | 1204 | /* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */ |
| 1205 | if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) { | 1205 | if (!s->is_subsystem && options.adm_forced_command == NULL && |
| 1206 | !no_user_rc && (stat(_PATH_SSH_USER_RC, &st) >= 0)) { | ||
| 1206 | snprintf(cmd, sizeof cmd, "%s -c '%s %s'", | 1207 | snprintf(cmd, sizeof cmd, "%s -c '%s %s'", |
| 1207 | shell, _PATH_BSHELL, _PATH_SSH_USER_RC); | 1208 | shell, _PATH_BSHELL, _PATH_SSH_USER_RC); |
| 1208 | if (debug_flag) | 1209 | if (debug_flag) |