From: djm <djm>
Date: Wed, 25 Sep 2002 02:20:52 +0000 (+0000)
Subject:    - todd@cvs.openbsd.org 2002/09/24 20:59:44
X-Git-Tag: V_3_5_P1~17
X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/commitdiff_plain/cb11b555c0ef88218155e1b94972842cc88b656b

   - todd@cvs.openbsd.org 2002/09/24 20:59:44
     [sshd.8]
     tweak the example $HOME/.ssh/rc script to not show on any cmdline the
     sensitive data it handles. This fixes bug # 402 as reported by
     kolya@mit.edu (Nickolai Zeldovich).
     ok markus@ and stevesk@
---

diff --git a/ChangeLog b/ChangeLog
index 132b035f..30dae967 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,12 @@
    - markus@cvs.openbsd.org 2002/09/24 08:46:04
      [monitor.c]
      only call kerberos code for authctxt->valid
+   - todd@cvs.openbsd.org 2002/09/24 20:59:44
+     [sshd.8]
+     tweak the example $HOME/.ssh/rc script to not show on any cmdline the
+     sensitive data it handles. This fixes bug # 402 as reported by
+     kolya@mit.edu (Nickolai Zeldovich).
+     ok markus@ and stevesk@
 
 20020923
  - (tim) [configure.ac] s/return/exit/ patch by dtucker@zip.com.au
diff --git a/sshd.8 b/sshd.8
index 10098b87..22ab70e0 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.192 2002/09/16 22:03:13 stevesk Exp $
+.\" $OpenBSD: sshd.8,v 1.193 2002/09/24 20:59:44 todd Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -737,12 +737,12 @@ something similar to:
 if read proto cookie && [ -n "$DISPLAY" ]; then
 	if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
 		# X11UseLocalhost=yes
-		xauth add unix:`echo $DISPLAY |
+		echo add unix:`echo $DISPLAY |
 		    cut -c11-` $proto $cookie
 	else
 		# X11UseLocalhost=no
-		xauth add $DISPLAY $proto $cookie
-	fi
+		echo add $DISPLAY $proto $cookie
+	fi | xauth -q -
 fi
 .Ed
 .Pp