summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--auth-options.c9
-rw-r--r--auth-options.h1
-rw-r--r--debian/changelog5
-rw-r--r--session.c5
-rw-r--r--sshd.83
-rw-r--r--sshd_config.54
6 files changed, 24 insertions, 3 deletions
diff --git a/auth-options.c b/auth-options.c
index ca5e1c931..8f9df7a76 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -42,6 +42,7 @@ int no_port_forwarding_flag = 0;
42int no_agent_forwarding_flag = 0; 42int no_agent_forwarding_flag = 0;
43int no_x11_forwarding_flag = 0; 43int no_x11_forwarding_flag = 0;
44int no_pty_flag = 0; 44int no_pty_flag = 0;
45int no_user_rc = 0;
45 46
46/* "command=" option. */ 47/* "command=" option. */
47char *forced_command = NULL; 48char *forced_command = NULL;
@@ -61,6 +62,7 @@ auth_clear_options(void)
61 no_port_forwarding_flag = 0; 62 no_port_forwarding_flag = 0;
62 no_pty_flag = 0; 63 no_pty_flag = 0;
63 no_x11_forwarding_flag = 0; 64 no_x11_forwarding_flag = 0;
65 no_user_rc = 0;
64 while (custom_environment) { 66 while (custom_environment) {
65 struct envstring *ce = custom_environment; 67 struct envstring *ce = custom_environment;
66 custom_environment = ce->next; 68 custom_environment = ce->next;
@@ -121,6 +123,13 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
121 opts += strlen(cp); 123 opts += strlen(cp);
122 goto next_option; 124 goto next_option;
123 } 125 }
126 cp = "no-user-rc";
127 if (strncasecmp(opts, cp, strlen(cp)) == 0) {
128 auth_debug_add("User rc file execution disabled.");
129 no_user_rc = 1;
130 opts += strlen(cp);
131 goto next_option;
132 }
124 cp = "command=\""; 133 cp = "command=\"";
125 if (strncasecmp(opts, cp, strlen(cp)) == 0) { 134 if (strncasecmp(opts, cp, strlen(cp)) == 0) {
126 opts += strlen(cp); 135 opts += strlen(cp);
diff --git a/auth-options.h b/auth-options.h
index 853f8b517..86583cc47 100644
--- a/auth-options.h
+++ b/auth-options.h
@@ -26,6 +26,7 @@ extern int no_port_forwarding_flag;
26extern int no_agent_forwarding_flag; 26extern int no_agent_forwarding_flag;
27extern int no_x11_forwarding_flag; 27extern int no_x11_forwarding_flag;
28extern int no_pty_flag; 28extern int no_pty_flag;
29extern int no_user_rc;
29extern char *forced_command; 30extern char *forced_command;
30extern struct envstring *custom_environment; 31extern struct envstring *custom_environment;
31extern int forced_tun_device; 32extern int forced_tun_device;
diff --git a/debian/changelog b/debian/changelog
index b08532cc3..0556949c4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,11 @@ openssh (1:4.7p1-8) UNRELEASED; urgency=low
5 configurations (LP: #211400). 5 configurations (LP: #211400).
6 * Tweak scp's reporting of filenames in verbose mode to be a bit less 6 * Tweak scp's reporting of filenames in verbose mode to be a bit less
7 confusing with spaces (thanks, Nicolas Valcárcel; LP: #89945). 7 confusing with spaces (thanks, Nicolas Valcárcel; LP: #89945).
8 * Backport from 4.9p1:
9 - Ignore ~/.ssh/rc if a sshd_config ForcedCommand is specified (see
10 http://www.securityfocus.com/bid/28531/info).
11 - Add no-user-rc authorized_keys option to disable execution of
12 ~/.ssh/rc.
8 13
9 -- Colin Watson <cjwatson@debian.org> Tue, 01 Apr 2008 14:12:43 +0100 14 -- Colin Watson <cjwatson@debian.org> Tue, 01 Apr 2008 14:12:43 +0100
10 15
diff --git a/session.c b/session.c
index b6f314739..997ee5fa9 100644
--- a/session.c
+++ b/session.c
@@ -1201,8 +1201,9 @@ do_rc_files(Session *s, const char *shell)
1201 do_xauth = 1201 do_xauth =
1202 s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL; 1202 s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL;
1203 1203
1204 /* ignore _PATH_SSH_USER_RC for subsystems */ 1204 /* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */
1205 if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) { 1205 if (!s->is_subsystem && options.adm_forced_command == NULL &&
1206 !no_user_rc && (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
1206 snprintf(cmd, sizeof cmd, "%s -c '%s %s'", 1207 snprintf(cmd, sizeof cmd, "%s -c '%s %s'",
1207 shell, _PATH_BSHELL, _PATH_SSH_USER_RC); 1208 shell, _PATH_BSHELL, _PATH_SSH_USER_RC);
1208 if (debug_flag) 1209 if (debug_flag)
diff --git a/sshd.8 b/sshd.8
index 476474837..42f1cf7c5 100644
--- a/sshd.8
+++ b/sshd.8
@@ -534,6 +534,9 @@ This might be used, e.g. in connection with the
534option. 534option.
535.It Cm no-pty 535.It Cm no-pty
536Prevents tty allocation (a request to allocate a pty will fail). 536Prevents tty allocation (a request to allocate a pty will fail).
537.It Cm no-user-rc
538Disables execution of
539.Pa ~/.ssh/rc .
537.It Cm no-X11-forwarding 540.It Cm no-X11-forwarding
538Forbids X11 forwarding when this key is used for authentication. 541Forbids X11 forwarding when this key is used for authentication.
539Any X11 forward requests by the client will return an error. 542Any X11 forward requests by the client will return an error.
diff --git a/sshd_config.5 b/sshd_config.5
index fab43af42..a7a7227b2 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -311,7 +311,9 @@ for more information on patterns.
311.It Cm ForceCommand 311.It Cm ForceCommand
312Forces the execution of the command specified by 312Forces the execution of the command specified by
313.Cm ForceCommand , 313.Cm ForceCommand ,
314ignoring any command supplied by the client. 314ignoring any command supplied by the client and
315.Pa ~/.ssh/rc
316if present.
315The command is invoked by using the user's login shell with the -c option. 317The command is invoked by using the user's login shell with the -c option.
316This applies to shell, command, or subsystem execution. 318This applies to shell, command, or subsystem execution.
317It is most useful inside a 319It is most useful inside a