- todd@cvs.openbsd.org 2002/09/24 20:59:44

     [sshd.8]
     tweak the example $HOME/.ssh/rc script to not show on any cmdline the
     sensitive data it handles. This fixes bug # 402 as reported by
     kolya@mit.edu (Nickolai Zeldovich).
     ok markus@ and stevesk@

diff --git a/ChangeLog b/ChangeLog
index 132b035fa1b944ed7967ae30397197a53de5c5ee..30dae967cacfcae90389ed21650aff038aa19247 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,12 @@
    - markus@cvs.openbsd.org 2002/09/24 08:46:04
      [monitor.c]
      only call kerberos code for authctxt->valid
+   - todd@cvs.openbsd.org 2002/09/24 20:59:44
+     [sshd.8]
+     tweak the example $HOME/.ssh/rc script to not show on any cmdline the
+     sensitive data it handles. This fixes bug # 402 as reported by
+     kolya@mit.edu (Nickolai Zeldovich).
+     ok markus@ and stevesk@
 
 20020923
  - (tim) [configure.ac] s/return/exit/ patch by dtucker@zip.com.au

diff --git a/sshd.8 b/sshd.8
index 10098b873e5c6919d72c2ba793f56eb017f4396f..22ab70e0021e50715e354627ab7a0b49f38259d0 100644 (file)
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.192 2002/09/16 22:03:13 stevesk Exp $
+.\" $OpenBSD: sshd.8,v 1.193 2002/09/24 20:59:44 todd Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -737,12 +737,12 @@ something similar to:
 if read proto cookie && [ -n "$DISPLAY" ]; then
        if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
                # X11UseLocalhost=yes
-               xauth add unix:`echo $DISPLAY |
+               echo add unix:`echo $DISPLAY |
                    cut -c11-` $proto $cookie
        else
                # X11UseLocalhost=no
-               xauth add $DISPLAY $proto $cookie
-       fi
+               echo add $DISPLAY $proto $cookie
+       fi | xauth -q -
 fi
 .Ed
 .Pp