diff options
| author | Damien Miller <djm@mindrot.org> | 2008-03-27 01:02:02 +0100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2008-03-27 01:02:02 +0100 |
| commit | a1b48ccf2d7383bc0cdc158324e400dd4f7ce87a (patch) | |
| tree | c045e23f4ffb7046e6c19f086956710467a41661 | |
| parent | - deraadt@cvs.openbsd.org 2008/03/24 16:11:07 (diff) | |
| download | openssh-a1b48ccf2d7383bc0cdc158324e400dd4f7ce87a.tar.xz openssh-a1b48ccf2d7383bc0cdc158324e400dd4f7ce87a.zip | |
- djm@cvs.openbsd.org 2008/03/25 11:58:02
[session.c sshd_config.5]
ignore ~/.ssh/rc if a sshd_config ForceCommand is specified;
from dtucker@ ok deraadt@ djm@
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | session.c | 7 | ||||
| -rw-r--r-- | sshd_config.5 | 8 |
3 files changed, 14 insertions, 7 deletions
@@ -33,6 +33,10 @@ works now that kernel fd passing has been fixed to accept a bit of sloppiness because of this ABI repair. lots of discussion with kettenis + - djm@cvs.openbsd.org 2008/03/25 11:58:02 + [session.c sshd_config.5] + ignore ~/.ssh/rc if a sshd_config ForceCommand is specified; + from dtucker@ ok deraadt@ djm@ 20080315 - (djm) [regress/test-exec.sh] Quote putty-related variables in case they are @@ -3801,4 +3805,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4886 2008/03/27 00:01:15 djm Exp $ +$Id: ChangeLog,v 1.4887 2008/03/27 00:02:02 djm Exp $ @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.230 2008/02/22 05:58:56 djm Exp $ */ +/* $OpenBSD: session.c,v 1.231 2008/03/25 11:58:02 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -1202,8 +1202,9 @@ do_rc_files(Session *s, const char *shell) do_xauth = s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL; - /* ignore _PATH_SSH_USER_RC for subsystems */ - if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) { + /* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */ + if (!s->is_subsystem && options.adm_forced_command != NULL && + (stat(_PATH_SSH_USER_RC, &st) >= 0)) { snprintf(cmd, sizeof cmd, "%s -c '%s %s'", shell, _PATH_BSHELL, _PATH_SSH_USER_RC); if (debug_flag) diff --git a/sshd_config.5 b/sshd_config.5 index a2f193470..245ed946f 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,8 +34,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.83 2008/02/11 07:58:28 jmc Exp $ -.Dd $Mdocdate: February 11 2008 $ +.\" $OpenBSD: sshd_config.5,v 1.84 2008/03/25 11:58:02 djm Exp $ +.Dd $Mdocdate: March 25 2008 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -324,7 +324,9 @@ for more information on patterns. .It Cm ForceCommand Forces the execution of the command specified by .Cm ForceCommand , -ignoring any command supplied by the client. +ignoring any command supplied by the client and +.Pa ~/.ssh/rc +if present. The command is invoked by using the user's login shell with the -c option. This applies to shell, command, or subsystem execution. It is most useful inside a |