diff options
| author |   djm <djm@openbsd.org> | 2008-03-25 11:58:02 +0000 |
|---|---|---|
| committer | djm <djm@openbsd.org> | 2008-03-25 11:58:02 +0000 |
| commit | 264b64f6b445a83b46ec626f6fce16a19368c8c3 (patch) | |
| tree | 9da0d36b25c77b011553f605470e32df5537ff99 | |
| parent | section 3, Darrin Chandler (diff) | |
| download | wireguard-openbsd-264b64f6b445a83b46ec626f6fce16a19368c8c3.tar.xz wireguard-openbsd-264b64f6b445a83b46ec626f6fce16a19368c8c3.zip | |
ignore ~/.ssh/rc if a sshd_config ForceCommand is specified;
from dtucker@ ok deraadt@ djm@
| -rw-r--r-- | usr.bin/ssh/session.c | 7 | ||||
| -rw-r--r-- | usr.bin/ssh/sshd_config.5 | 8 |
2 files changed, 9 insertions, 6 deletions
diff --git a/usr.bin/ssh/session.c b/usr.bin/ssh/session.c index 4ebe10d3aca..be0f00df4d3 100644 --- a/usr.bin/ssh/session.c +++ b/usr.bin/ssh/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.230 2008/02/22 05:58:56 djm Exp $ */ +/* $OpenBSD: session.c,v 1.231 2008/03/25 11:58:02 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -878,8 +878,9 @@ do_rc_files(Session *s, const char *shell) do_xauth = s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL; - /* ignore _PATH_SSH_USER_RC for subsystems */ - if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) { + /* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */ + if (!s->is_subsystem && options.adm_forced_command != NULL && + (stat(_PATH_SSH_USER_RC, &st) >= 0)) { snprintf(cmd, sizeof cmd, "%s -c '%s %s'", shell, _PATH_BSHELL, _PATH_SSH_USER_RC); if (debug_flag) diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5 index a6d8eed6255..9212eb5ac5b 100644 --- a/usr.bin/ssh/sshd_config.5 +++ b/usr.bin/ssh/sshd_config.5 @@ -34,8 +34,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.83 2008/02/11 07:58:28 jmc Exp $ -.Dd $Mdocdate: February 11 2008 $ +.\" $OpenBSD: sshd_config.5,v 1.84 2008/03/25 11:58:02 djm Exp $ +.Dd $Mdocdate: March 25 2008 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -324,7 +324,9 @@ for more information on patterns. .It Cm ForceCommand Forces the execution of the command specified by .Cm ForceCommand , -ignoring any command supplied by the client. +ignoring any command supplied by the client and +.Pa ~/.ssh/rc +if present. The command is invoked by using the user's login shell with the -c option. This applies to shell, command, or subsystem execution. It is most useful inside a |