[Midnightbsd-cvs] src: session.c: Fix a problem with OpenSSH which allows remote
laffer1 at midnightbsd.org
Sun Apr 20 12:53:44 EDT 2008
Log Message:
-----------
Fix a problem with OpenSSH which allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.
Obtained from OpenBSD/DragonFly.
This only affects OpenSSH prior to 4.9 and thus does not affect CURRENT.
Tags:
----
RELENG_0_1
Modified Files:
--------------
src/crypto/openssh:
session.c (r1.4 -> r1.4.2.1)
Index: session.c
===================================================================
RCS file: /home/cvs/src/crypto/openssh/session.c,v
retrieving revision 1.4
retrieving revision 1.4.2.1
diff -L crypto/openssh/session.c -L crypto/openssh/session.c -u -r1.4 -r1.4.2.1
--- crypto/openssh/session.c
+++ crypto/openssh/session.c
@@ -1201,8 +1201,9 @@
do_xauth =
s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL;
- /* ignore _PATH_SSH_USER_RC for subsystems */
- if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
+ /* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */
+ if (!s->is_subsystem && options.adm_forced_command == NULL &&
+ (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
snprintf(cmd, sizeof cmd, "%s -c '%s %s'",
shell, _PATH_BSHELL, _PATH_SSH_USER_RC);
if (debug_flag)
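Review bot: the widened condition on the `+ if (!s->is_subsystem && options.adm_forced_command == NULL &&` line short-circuits before the `stat()` call, so when an administrator-set ForceCommand is in effect the user-writable `_PATH_SSH_USER_RC` is never stat'd, let alone passed to `shell -c` on the unchanged `snprintf` line; that closes the bypass the log message describes. Two points worth recording: the test is deliberately on `adm_forced_command` only (the admin-level setting from sshd_config), and the updated comment `/* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */` should be read as scoping the fix to exactly that case rather than to every kind of forced command, so if a broader skip is intended the condition and comment would both need widening; and the check relies on `options.adm_forced_command` already being populated from the parsed configuration by the time this session-setup code runs, which holds here because it is a global option rather than per-session state.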