From: djm Date: Thu, 27 Mar 2008 00:02:02 +0000 (+0000) Subject: - djm@cvs.openbsd.org 2008/03/25 11:58:02 X-Git-Tag: V_4_9_P1~11 X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/commitdiff_plain/6e2a8e29155afa29ea2d2177648e80a1d99d9696 - djm@cvs.openbsd.org 2008/03/25 11:58:02 [session.c sshd_config.5] ignore ~/.ssh/rc if a sshd_config ForceCommand is specified; from dtucker@ ok deraadt@ djm@ --- diff --git a/ChangeLog b/ChangeLog index c3ec7352..188dbf9f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -33,6 +33,10 @@ works now that kernel fd passing has been fixed to accept a bit of sloppiness because of this ABI repair. lots of discussion with kettenis + - djm@cvs.openbsd.org 2008/03/25 11:58:02 + [session.c sshd_config.5] + ignore ~/.ssh/rc if a sshd_config ForceCommand is specified; + from dtucker@ ok deraadt@ djm@ 20080315 - (djm) [regress/test-exec.sh] Quote putty-related variables in case they are diff --git a/session.c b/session.c index 54621a4c..3dcf222f 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.230 2008/02/22 05:58:56 djm Exp $ */ +/* $OpenBSD: session.c,v 1.231 2008/03/25 11:58:02 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -1202,8 +1202,9 @@ do_rc_files(Session *s, const char *shell) do_xauth = s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL; - /* ignore _PATH_SSH_USER_RC for subsystems */ - if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) { + /* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */ + if (!s->is_subsystem && options.adm_forced_command != NULL && + (stat(_PATH_SSH_USER_RC, &st) >= 0)) { snprintf(cmd, sizeof cmd, "%s -c '%s %s'", shell, _PATH_BSHELL, _PATH_SSH_USER_RC); if (debug_flag) diff --git a/sshd_config.5 b/sshd_config.5 index 04bee73d..be023414 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.83 2008/02/11 07:58:28 jmc Exp $ +.\" $OpenBSD: sshd_config.5,v 1.84 2008/03/25 11:58:02 djm Exp $ .Dd $Mdocdate$ .Dt SSHD_CONFIG 5 .Os @@ -324,7 +324,9 @@ for more information on patterns. .It Cm ForceCommand Forces the execution of the command specified by .Cm ForceCommand , -ignoring any command supplied by the client. +ignoring any command supplied by the client and +.Pa ~/.ssh/rc +if present. The command is invoked by using the user's login shell with the -c option. This applies to shell, command, or subsystem execution. It is most useful inside a