Bugzilla – Attachment 1777 Details for
Bug 1679
chroot and shell check ambiguity
[patch]
/home/djm/auth-check-chroot-shell.diff
auth-check-chroot-shell.diff (text/plain), 1.96 KB, created by
Damien Miller
on 2010-01-13 23:25:59 AEDT
Description:
/home/djm/auth-check-chroot-shell.diff
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2010-01-13 23:25:59 AEDT
Size:
1.96 KB
patch
obsolete
>Index: auth.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/auth.c,v
>retrieving revision 1.82
>diff -u -p -r1.82 auth.c
>--- auth.c 13 Jan 2010 00:19:04 -0000 1.82
>+++ auth.c 13 Jan 2010 12:25:08 -0000
>@@ -79,7 +79,7 @@ allowed_user(struct passwd * pw)
> {
> struct stat st;
> const char *hostname = NULL, *ipaddr = NULL;
>- char *shell;
>+ char *shell, *tmp, *chroot_path;
> u_int i;
>
> /* Shouldn't be called if pw is NULL, but better safe than sorry... */
>@@ -90,20 +90,40 @@ allowed_user(struct passwd * pw)
> * Get the shell from the password data. An empty shell field is
> * legal, and means /bin/sh.
> */
>- shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
>+ shell = xstrdup((pw->pw_shell[0] == '\0') ?
>+ _PATH_BSHELL : pw->pw_shell);
>+
>+ /*
>+ * Amend shell if chroot is requested.
>+ */
>+ if (options.chroot_directory != NULL &&
>+ strcasecmp(options.chroot_directory, "none") != 0) {
>+ tmp = tilde_expand_filename(options.chroot_directory,
>+ pw->pw_uid);
>+ chroot_path = percent_expand(tmp, "h", pw->pw_dir,
>+ "u", pw->pw_name, (char *)NULL);
>+ xfree(tmp);
>+ xasprintf(&tmp, "%s/%s", chroot_path, shell);
>+ xfree(shell);
>+ shell = tmp;
>+ free(chroot_path);
>+ }
>
> /* deny if shell does not exists or is not executable */
> if (stat(shell, &st) != 0) {
> logit("User %.100s not allowed because shell %.100s does not exist",
> pw->pw_name, shell);
>+ xfree(shell);
> return 0;
> }
> if (S_ISREG(st.st_mode) == 0 ||
> (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) {
> logit("User %.100s not allowed because shell %.100s is not executable",
> pw->pw_name, shell);
>+ xfree(shell);
> return 0;
> }
>+ xfree(shell);
>
> if (options.num_deny_users > 0 || options.num_allow_users > 0 ||
> options.num_deny_groups > 0 || options.num_allow_groups > 0) {
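Review bot: In the second hunk the amended check calls stat() on `chroot_path/shell` from outside the chroot, so any symlink on that path is resolved against the real root rather than the new root, and the result can disagree with what exec finds after chroot(); the joined path is also built from the expanded `%h`/`%u` values with no ownership validation visible in this hunk. The change also makes a shell inside the chroot mandatory, which would presumably reject accounts confined to an in-process subsystem such as internal-sftp that never exec a shell. Consider skipping the shell test when a chroot directory is configured, or at minimum state the limitation next to the check, e.g. `/* checked from outside the chroot: symlinks resolve against the real root */`. Separately, `free(chroot_path);` should be `xfree(chroot_path);` to match the other releases in the block. The body of allowed_user continues outside the hunk.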
Attachments on
bug 1679
:
1737
|
1738
| 1777 |
1778