diff options
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | auth-options.c | 5 | ||||
| -rw-r--r-- | servconf.c | 12 | ||||
| -rw-r--r-- | servconf.h | 3 | ||||
| -rw-r--r-- | session.c | 4 | ||||
| -rw-r--r-- | sshd_config | 3 | ||||
| -rw-r--r-- | sshd_config.5 | 17 |
7 files changed, 40 insertions, 10 deletions
@@ -18,6 +18,10 @@ - markus@cvs.openbsd.org 2002/07/29 18:57:30 [sshconnect.c] print file:line + - markus@cvs.openbsd.org 2002/07/30 17:03:55 + [auth-options.c servconf.c servconf.h session.c sshd_config sshd_config.5] + add PermitUserEnvironment (off by default!); from dot@dotat.at; + ok provos, deraadt 20020730 - (bal) [uidswap.c] SCO compile correction by gert@greenie.muc.de @@ -1486,4 +1490,4 @@ - (stevesk) entropy.c: typo in debug message - (djm) ssh-keygen -i needs seeded RNG; report from markus@ -$Id: ChangeLog,v 1.2412 2002/08/01 01:26:29 mouring Exp $ +$Id: ChangeLog,v 1.2413 2002/08/01 01:28:38 mouring Exp $ diff --git a/auth-options.c b/auth-options.c index 41a29f79..8595fdc1 100644 --- a/auth-options.c +++ b/auth-options.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-options.c,v 1.25 2002/07/21 18:32:20 stevesk Exp $"); +RCSID("$OpenBSD: auth-options.c,v 1.26 2002/07/30 17:03:55 markus Exp $"); #include "xmalloc.h" #include "match.h" @@ -133,7 +133,8 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) goto next_option; } cp = "environment=\""; - if (strncasecmp(opts, cp, strlen(cp)) == 0) { + if (options.permit_user_env && + strncasecmp(opts, cp, strlen(cp)) == 0) { char *s; struct envstring *new_envstring; @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.112 2002/06/23 09:46:51 deraadt Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.113 2002/07/30 17:03:55 markus Exp $"); #if defined(KRB4) #include <krb.h> @@ -101,6 +101,7 @@ initialize_server_options(ServerOptions *options) options->kbd_interactive_authentication = -1; options->challenge_response_authentication = -1; options->permit_empty_passwd = -1; + options->permit_user_env = -1; options->use_login = -1; options->compression = -1; options->allow_tcp_forwarding = -1; @@ -223,6 +224,8 @@ fill_default_server_options(ServerOptions *options) options->challenge_response_authentication = 1; if (options->permit_empty_passwd == -1) options->permit_empty_passwd = 0; + if (options->permit_user_env == -1) + options->permit_user_env = 0; if (options->use_login == -1) options->use_login = 0; if (options->compression == -1) @@ -291,7 +294,7 @@ typedef enum { sPrintMotd, sPrintLastLog, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, sStrictModes, sEmptyPasswd, sKeepAlives, - sUseLogin, sAllowTcpForwarding, sCompression, + sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups, @@ -354,6 +357,7 @@ static struct { { "xauthlocation", sXAuthLocation }, { "strictmodes", sStrictModes }, { "permitemptypasswords", sEmptyPasswd }, + { "permituserenvironment", sPermitUserEnvironment }, { "uselogin", sUseLogin }, { "compression", sCompression }, { "keepalive", sKeepAlives }, @@ -713,6 +717,10 @@ parse_flag: intptr = &options->permit_empty_passwd; goto parse_flag; + case sPermitUserEnvironment: + intptr = &options->permit_user_env; + goto parse_flag; + case sUseLogin: intptr = &options->use_login; goto parse_flag; @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.58 2002/06/20 23:05:55 markus Exp $ */ +/* $OpenBSD: servconf.h,v 1.59 2002/07/30 17:03:55 markus Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -97,6 +97,7 @@ typedef struct { int challenge_response_authentication; int permit_empty_passwd; /* If false, do not permit empty * passwords. */ + int permit_user_env; /* If true, read ~/.ssh/environment */ int use_login; /* If true, login(1) is used */ int compression; /* If true, compression is allowed */ int allow_tcp_forwarding; @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.145 2002/07/22 11:03:06 markus Exp $"); +RCSID("$OpenBSD: session.c,v 1.146 2002/07/30 17:03:55 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -1065,7 +1065,7 @@ do_setup_env(Session *s, const char *shell) auth_sock_name); /* read $HOME/.ssh/environment. */ - if (!options.use_login) { + if (options.permit_user_env && !options.use_login) { snprintf(buf, sizeof buf, "%.200s/.ssh/environment", pw->pw_dir); read_environment_file(&env, &envsize, buf); diff --git a/sshd_config b/sshd_config index 24c4e059..f20d812e 100644 --- a/sshd_config +++ b/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.56 2002/06/20 23:37:12 markus Exp $ +# $OpenBSD: sshd_config,v 1.57 2002/07/30 17:03:55 markus Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -81,6 +81,7 @@ #KeepAlive yes #UseLogin no #UsePrivilegeSeparation yes +#PermitUserEnvironment no #Compression yes #MaxStartups 10 diff --git a/sshd_config.5 b/sshd_config.5 index 6625865e..f43b2bb9 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.5 2002/07/09 17:46:25 stevesk Exp $ +.\" $OpenBSD: sshd_config.5,v 1.6 2002/07/30 17:03:55 markus Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -465,6 +465,21 @@ for root. If this option is set to .Dq no root is not allowed to login. +.It Cm PermitUserEnvironment +Specifies whether +.Pa ~/.ssh/environment +is read by +.Nm sshd +and whether +.Cm environment= +options in +.Pa ~/.ssh/authorized_keys +files are permitted. +The default is +.Dq no . +This option is useful for locked-down installations where +.Ev LD_PRELOAD +and suchlike can cause security problems. .It Cm PidFile Specifies the file that contains the process ID of the .Nm sshd |