Bugzilla – Attachment 2751 Details for
Bug 2486
allow ForceCommand none or similar
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
accept "none" to ForceCommand and ChrootDirectory
bz2486.diff (text/plain), 1.73 KB, created by
Damien Miller
on 2015-11-13 13:53:50 AEDT
(
hide
)
Description:
accept "none" to ForceCommand and ChrootDirectory
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2015-11-13 13:53:50 AEDT
Size:
1.73 KB
patch
obsolete
>diff --git a/servconf.c b/servconf.c >index 17cb094..e367dc9 100644 >--- a/servconf.c >+++ b/servconf.c >@@ -373,6 +373,8 @@ fill_default_server_options(ServerOptions *options) > CLEAR_ON_NONE(options->trusted_user_ca_keys); > CLEAR_ON_NONE(options->revoked_keys_file); > CLEAR_ON_NONE(options->authorized_principals_file); >+ CLEAR_ON_NONE(options->adm_forced_command); >+ CLEAR_ON_NONE(options->chroot_directory); > for (i = 0; i < options->num_host_key_files; i++) > CLEAR_ON_NONE(options->host_key_files[i]); > for (i = 0; i < options->num_host_cert_files; i++) >@@ -2034,8 +2036,17 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) > if (preauth) > return; > >+ /* These options may be "none" to clear a global setting */ > M_CP_STROPT(adm_forced_command); >+ if (option_clear_or_none(dst->adm_forced_command)) { >+ free(dst->adm_forced_command); >+ dst->adm_forced_command = NULL; >+ } > M_CP_STROPT(chroot_directory); >+ if (option_clear_or_none(dst->chroot_directory)) { >+ free(dst->chroot_directory); >+ dst->chroot_directory = NULL; >+ } > } > > #undef M_CP_INTOPT >diff --git a/sshd_config.5 b/sshd_config.5 >index 149dc7e..b1ca3db 100644 >--- a/sshd_config.5 >+++ b/sshd_config.5 >@@ -432,7 +432,9 @@ Misconfiguration can lead to unsafe environments which > .Xr sshd 8 > cannot detect. > .Pp >-The default is not to >+The default is >+.Dq none , >+indicating not to > .Xr chroot 2 . > .It Cm Ciphers > Specifies the ciphers allowed for protocol version 2. >@@ -599,6 +601,8 @@ Specifying a command of > will force the use of an in-process sftp server that requires no support > files when used with > .Cm ChrootDirectory . >+The default is >+.Dq none . > .It Cm GatewayPorts > Specifies whether remote hosts are allowed to connect to ports > forwarded for the client.
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=2751">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
dtucker
:
ok+
Actions:
View
|
Diff
Attachments on
bug 2486
: 2751