authordjm@openbsd.org <djm@openbsd.org>2022-11-28 01:37:36 +0000
committerDarren Tucker <dtucker@dtucker.net>2022-11-30 12:16:08 +1100
commitf7cebbbf407d772ed71403d314343766782fe540 (patch)
treedfda77bb010623650d4ae80ae539d6542e52641d /readconf.c
parentd323f7ecf52e3d4ec1f4939bf31693e02f891dca (diff)
upstream: New EnableEscapeCommandline ssh_config(5) option
This option (default "no") controls whether the ~C escape is available. Turning it off by default means we will soon be able to use a stricter default pledge(2) in the client. feedback deraadt@ dtucker@; tested in snaps for a while OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a
Diffstat (limited to 'readconf.c')
-rw-r--r--readconf.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/readconf.c b/readconf.c
index 42be690b..794fac6d 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.369 2022/09/17 10:33:18 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.370 2022/11/28 01:37:36 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -175,6 +175,7 @@ typedef enum {
oFingerprintHash, oUpdateHostkeys, oHostbasedAcceptedAlgorithms,
oPubkeyAcceptedAlgorithms, oCASignatureAlgorithms, oProxyJump,
oSecurityKeyProvider, oKnownHostsCommand, oRequiredRSASize,
+ oEnableEscapeCommandline,
oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported
} OpCodes;
@@ -321,6 +322,7 @@ static struct {
{ "securitykeyprovider", oSecurityKeyProvider },
{ "knownhostscommand", oKnownHostsCommand },
{ "requiredrsasize", oRequiredRSASize },
+ { "enableescapecommandline", oEnableEscapeCommandline },
{ NULL, oBadOption }
};
@@ -2177,6 +2179,10 @@ parse_pubkey_algos:
*charptr = xstrdup(arg);
break;
+ case oEnableEscapeCommandline:
+ intptr = &options->enable_escape_commandline;
+ goto parse_flag;
+
case oRequiredRSASize:
intptr = &options->required_rsa_size;
goto parse_int;
@@ -2429,6 +2435,7 @@ initialize_options(Options * options)
options->pubkey_accepted_algos = NULL;
options->known_hosts_command = NULL;
options->required_rsa_size = -1;
+ options->enable_escape_commandline = -1;
}
/*
@@ -2627,6 +2634,8 @@ fill_default_options(Options * options)
#endif
if (options->required_rsa_size == -1)
options->required_rsa_size = SSH_RSA_MINIMUM_MODULUS_SIZE;
+ if (options->enable_escape_commandline == -1)
+ options->enable_escape_commandline = 0;
/* Expand KEX name lists */
all_cipher = cipher_alg_list(',', 0);
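Review bot: The new default in fill_default_options (`options->enable_escape_commandline = 0;`) changes user-visible behaviour for a security reason, but nothing at that line says why the ~C command line is off. I would add a comment above the `== -1` check, for example `/* ~C command line stays off unless enabled; lets the client use a stricter pledge(2) */`, so a later change does not flip the default without considering the sandbox. The code that consults this flag is not part of this file's diff, so whether the escape handler actually checks it cannot be confirmed from here. fill_default_options starts and ends outside the hunk.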
@@ -3308,6 +3317,7 @@ dump_client_config(Options *o, const char *host)
dump_cfg_fmtint(oVerifyHostKeyDNS, o->verify_host_key_dns);
dump_cfg_fmtint(oVisualHostKey, o->visual_host_key);
dump_cfg_fmtint(oUpdateHostkeys, o->update_hostkeys);
+ dump_cfg_fmtint(oEnableEscapeCommandline, o->enable_escape_commandline);
/* Integer options */
dump_cfg_int(oCanonicalizeMaxDots, o->canonicalize_max_dots);