works now that kernel fd passing has been fixed to accept a bit of
sloppiness because of this ABI repair.
lots of discussion with kettenis
+ - djm@cvs.openbsd.org 2008/03/25 11:58:02
+ [session.c sshd_config.5]
+ ignore ~/.ssh/rc if a sshd_config ForceCommand is specified;
+ from dtucker@ ok deraadt@ djm@
20080315
- (djm) [regress/test-exec.sh] Quote putty-related variables in case they are
-/* $OpenBSD: session.c,v 1.230 2008/02/22 05:58:56 djm Exp $ */
+/* $OpenBSD: session.c,v 1.231 2008/03/25 11:58:02 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
do_xauth =
s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL;
- /* ignore _PATH_SSH_USER_RC for subsystems */
- if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
+ /* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */
+ if (!s->is_subsystem && options.adm_forced_command != NULL &&
+ (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
snprintf(cmd, sizeof cmd, "%s -c '%s %s'",
shell, _PATH_BSHELL, _PATH_SSH_USER_RC);
if (debug_flag)
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.83 2008/02/11 07:58:28 jmc Exp $
+.\" $OpenBSD: sshd_config.5,v 1.84 2008/03/25 11:58:02 djm Exp $
.Dd $Mdocdate$
.Dt SSHD_CONFIG 5
.Os
.It Cm ForceCommand
Forces the execution of the command specified by
.Cm ForceCommand ,
-ignoring any command supplied by the client.
+ignoring any command supplied by the client and
+.Pa ~/.ssh/rc
+if present.
The command is invoked by using the user's login shell with the -c option.
This applies to shell, command, or subsystem execution.
It is most useful inside a