From 0df2e6b41de8b35845aa2f297ef8d39b85ba3d47 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Sun, 6 Apr 2008 11:14:35 +0000 Subject: Backport from 4.9p1: - Ignore ~/.ssh/rc if a sshd_config ForcedCommand is specified (see http://www.securityfocus.com/bid/28531/info). - Add no-user-rc authorized_keys option to disable execution of ~/.ssh/rc. --- auth-options.c | 9 +++++++++ auth-options.h | 1 + debian/changelog | 5 +++++ session.c | 5 +++-- sshd.8 | 3 +++ sshd_config.5 | 4 +++- 6 files changed, 24 insertions(+), 3 deletions(-) diff --git a/auth-options.c b/auth-options.c index ca5e1c931..8f9df7a76 100644 --- a/auth-options.c +++ b/auth-options.c @@ -42,6 +42,7 @@ int no_port_forwarding_flag = 0; int no_agent_forwarding_flag = 0; int no_x11_forwarding_flag = 0; int no_pty_flag = 0; +int no_user_rc = 0; /* "command=" option. */ char *forced_command = NULL; @@ -61,6 +62,7 @@ auth_clear_options(void) no_port_forwarding_flag = 0; no_pty_flag = 0; no_x11_forwarding_flag = 0; + no_user_rc = 0; while (custom_environment) { struct envstring *ce = custom_environment; custom_environment = ce->next; @@ -121,6 +123,13 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) opts += strlen(cp); goto next_option; } + cp = "no-user-rc"; + if (strncasecmp(opts, cp, strlen(cp)) == 0) { + auth_debug_add("User rc file execution disabled."); + no_user_rc = 1; + opts += strlen(cp); + goto next_option; + } cp = "command=\""; if (strncasecmp(opts, cp, strlen(cp)) == 0) { opts += strlen(cp); diff --git a/auth-options.h b/auth-options.h index 853f8b517..86583cc47 100644 --- a/auth-options.h +++ b/auth-options.h @@ -26,6 +26,7 @@ extern int no_port_forwarding_flag; extern int no_agent_forwarding_flag; extern int no_x11_forwarding_flag; extern int no_pty_flag; +extern int no_user_rc; extern char *forced_command; extern struct envstring *custom_environment; extern int forced_tun_device; diff --git a/debian/changelog b/debian/changelog index b08532cc3..0556949c4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -5,6 +5,11 @@ openssh (1:4.7p1-8) UNRELEASED; urgency=low configurations (LP: #211400). * Tweak scp's reporting of filenames in verbose mode to be a bit less confusing with spaces (thanks, Nicolas Valcárcel; LP: #89945). + * Backport from 4.9p1: + - Ignore ~/.ssh/rc if a sshd_config ForcedCommand is specified (see + http://www.securityfocus.com/bid/28531/info). + - Add no-user-rc authorized_keys option to disable execution of + ~/.ssh/rc. -- Colin Watson Tue, 01 Apr 2008 14:12:43 +0100 diff --git a/session.c b/session.c index b6f314739..997ee5fa9 100644 --- a/session.c +++ b/session.c @@ -1201,8 +1201,9 @@ do_rc_files(Session *s, const char *shell) do_xauth = s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL; - /* ignore _PATH_SSH_USER_RC for subsystems */ - if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) { + /* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */ + if (!s->is_subsystem && options.adm_forced_command == NULL && + !no_user_rc && (stat(_PATH_SSH_USER_RC, &st) >= 0)) { snprintf(cmd, sizeof cmd, "%s -c '%s %s'", shell, _PATH_BSHELL, _PATH_SSH_USER_RC); if (debug_flag) diff --git a/sshd.8 b/sshd.8 index 476474837..42f1cf7c5 100644 --- a/sshd.8 +++ b/sshd.8 @@ -534,6 +534,9 @@ This might be used, e.g. in connection with the option. .It Cm no-pty Prevents tty allocation (a request to allocate a pty will fail). +.It Cm no-user-rc +Disables execution of +.Pa ~/.ssh/rc . .It Cm no-X11-forwarding Forbids X11 forwarding when this key is used for authentication. Any X11 forward requests by the client will return an error. diff --git a/sshd_config.5 b/sshd_config.5 index fab43af42..a7a7227b2 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -311,7 +311,9 @@ for more information on patterns. .It Cm ForceCommand Forces the execution of the command specified by .Cm ForceCommand , -ignoring any command supplied by the client. +ignoring any command supplied by the client and +.Pa ~/.ssh/rc +if present. The command is invoked by using the user's login shell with the -c option. This applies to shell, command, or subsystem execution. It is most useful inside a -- cgit v1.2.3