authorMike Frysinger <vapier@gentoo.org>2008-04-01 18:44:00 +0000
committerMike Frysinger <vapier@gentoo.org>2008-04-01 18:44:00 +0000
commitbf430ae9d09a5931df04cf917072343ff6e65e13 (patch)
treedcf11cb1db6263e763549fb12d44056f50307efa /net-misc/openssh/files
parentremove unused version (diff)
Fix for ForceCommand bypass #215702.
(Portage version: 2.2_pre5)
Diffstat (limited to 'net-misc/openssh/files')
-rw-r--r--net-misc/openssh/files/openssh-4.7_p1-ForceCommand.patch24
1 files changed, 24 insertions, 0 deletions
diff --git a/net-misc/openssh/files/openssh-4.7_p1-ForceCommand.patch b/net-misc/openssh/files/openssh-4.7_p1-ForceCommand.patch
new file mode 100644
index 000000000000..93072236d128
--- /dev/null
+++ b/net-misc/openssh/files/openssh-4.7_p1-ForceCommand.patch
@@ -0,0 +1,24 @@
+security fix
+
+http://bugs.gentoo.org/215702
+ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/001_openssh.patch
+
+Index: usr.bin/ssh/session.c
+===================================================================
+RCS file: /cvs/src/usr.bin/ssh/session.c,v
+retrieving revision 1.230
+diff -u -r1.230 session.c
+--- usr.bin/ssh/session.c 22 Feb 2008 05:58:56 -0000 1.230
++++ usr.bin/ssh/session.c 27 Mar 2008 10:54:55 -0000
+@@ -878,8 +878,9 @@
+ do_xauth =
+ s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL;
+
+- /* ignore _PATH_SSH_USER_RC for subsystems */
+- if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
++ /* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */
++ if (!s->is_subsystem && options.adm_forced_command == NULL &&
++ (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
+ snprintf(cmd, sizeof cmd, "%s -c '%s %s'",
+ shell, _PATH_BSHELL, _PATH_SSH_USER_RC);
+ if (debug_flag)
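Review bot: The updated comment above the `options.adm_forced_command == NULL` test says what is skipped but not why, and the security reason is the whole point of this fix. I would word it as `/* ~/.ssh/rc is normally user-writable and runs before the session command, so skip it for subsystems and when sshd_config forces a command */`. The guard tests only the server-side option, so whether a command forced per key in authorized_keys is treated the same way cannot be told from these lines. If that case is intentionally left out, the comment should say so. The enclosing function starts and ends outside the hunk, so what runs in place of the user rc when the guard is false should be checked against the full session.c.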