diff options
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | session.c | 7 | ||||
-rw-r--r-- | sshd.8 | 16 |
3 files changed, 23 insertions, 5 deletions
@@ -15,6 +15,9 @@ | |||
15 | - markus@cvs.openbsd.org 2001/06/19 12:34:09 | 15 | - markus@cvs.openbsd.org 2001/06/19 12:34:09 |
16 | [session.c] | 16 | [session.c] |
17 | cleanup forced command handling, from dwd@bell-labs.com | 17 | cleanup forced command handling, from dwd@bell-labs.com |
18 | - markus@cvs.openbsd.org 2001/06/19 14:09:45 | ||
19 | [session.c sshd.8] | ||
20 | disable x11-fwd if use_login is enabled; from lukem@wasabisystems.com | ||
18 | 21 | ||
19 | 20010615 | 22 | 20010615 |
20 | - (stevesk) don't set SA_RESTART and set SIGCHLD to SIG_DFL | 23 | - (stevesk) don't set SA_RESTART and set SIGCHLD to SIG_DFL |
@@ -5667,4 +5670,4 @@ | |||
5667 | - Wrote replacements for strlcpy and mkdtemp | 5670 | - Wrote replacements for strlcpy and mkdtemp |
5668 | - Released 1.0pre1 | 5671 | - Released 1.0pre1 |
5669 | 5672 | ||
5670 | $Id: ChangeLog,v 1.1293 2001/06/21 03:13:10 mouring Exp $ | 5673 | $Id: ChangeLog,v 1.1294 2001/06/21 03:14:49 mouring Exp $ |
@@ -33,7 +33,7 @@ | |||
33 | */ | 33 | */ |
34 | 34 | ||
35 | #include "includes.h" | 35 | #include "includes.h" |
36 | RCSID("$OpenBSD: session.c,v 1.90 2001/06/19 12:34:09 markus Exp $"); | 36 | RCSID("$OpenBSD: session.c,v 1.91 2001/06/19 14:09:45 markus Exp $"); |
37 | 37 | ||
38 | #include "ssh.h" | 38 | #include "ssh.h" |
39 | #include "ssh1.h" | 39 | #include "ssh1.h" |
@@ -1980,6 +1980,11 @@ session_setup_x11fwd(Session *s) | |||
1980 | packet_send_debug("No xauth program; cannot forward with spoofing."); | 1980 | packet_send_debug("No xauth program; cannot forward with spoofing."); |
1981 | return 0; | 1981 | return 0; |
1982 | } | 1982 | } |
1983 | if (options.use_login) { | ||
1984 | packet_send_debug("X11 forwarding disabled; " | ||
1985 | "not compatible with UseLogin=yes."); | ||
1986 | return 0; | ||
1987 | } | ||
1983 | if (s->display != NULL) { | 1988 | if (s->display != NULL) { |
1984 | debug("X11 display already set."); | 1989 | debug("X11 display already set."); |
1985 | return 0; | 1990 | return 0; |
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd.8,v 1.126 2001/06/11 16:04:38 markus Exp $ | 37 | .\" $OpenBSD: sshd.8,v 1.127 2001/06/19 14:09:45 markus Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD 8 | 39 | .Dt SSHD 8 |
40 | .Os | 40 | .Os |
@@ -796,11 +796,18 @@ The default is AUTH. | |||
796 | Specifies whether | 796 | Specifies whether |
797 | .Xr login 1 | 797 | .Xr login 1 |
798 | is used for interactive login sessions. | 798 | is used for interactive login sessions. |
799 | The default is | ||
800 | .Dq no . | ||
799 | Note that | 801 | Note that |
800 | .Xr login 1 | 802 | .Xr login 1 |
801 | is never used for remote command execution. | 803 | is never used for remote command execution. |
802 | The default is | 804 | Note also, that if this is enabled, |
803 | .Dq no . | 805 | .Cm X11Forwarding |
806 | will be disabled because | ||
807 | .Xr login 1 | ||
808 | does not know how to handle | ||
809 | .Xr xauth 1 | ||
810 | cookies. | ||
804 | .It Cm X11DisplayOffset | 811 | .It Cm X11DisplayOffset |
805 | Specifies the first display number available for | 812 | Specifies the first display number available for |
806 | .Nm sshd Ns 's | 813 | .Nm sshd Ns 's |
@@ -815,6 +822,9 @@ The default is | |||
815 | .Dq no . | 822 | .Dq no . |
816 | Note that disabling X11 forwarding does not improve security in any | 823 | Note that disabling X11 forwarding does not improve security in any |
817 | way, as users can always install their own forwarders. | 824 | way, as users can always install their own forwarders. |
825 | X11 forwarding is automatically disabled if | ||
826 | .Cm UseLogin | ||
827 | is enabled. | ||
818 | .It Cm XAuthLocation | 828 | .It Cm XAuthLocation |
819 | Specifies the location of the | 829 | Specifies the location of the |
820 | .Xr xauth 1 | 830 | .Xr xauth 1 |