From f7cebbbf407d772ed71403d314343766782fe540 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 28 Nov 2022 01:37:36 +0000 Subject: upstream: New EnableEscapeCommandline ssh_config(5) option This option (default "no") controls whether the ~C escape is available. Turning it off by default means we will soon be able to use a stricter default pledge(2) in the client. feedback deraadt@ dtucker@; tested in snaps for a while OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a --- readconf.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'readconf.c') diff --git a/readconf.c b/readconf.c index 42be690b..794fac6d 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.369 2022/09/17 10:33:18 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.370 2022/11/28 01:37:36 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -175,6 +175,7 @@ typedef enum { oFingerprintHash, oUpdateHostkeys, oHostbasedAcceptedAlgorithms, oPubkeyAcceptedAlgorithms, oCASignatureAlgorithms, oProxyJump, oSecurityKeyProvider, oKnownHostsCommand, oRequiredRSASize, + oEnableEscapeCommandline, oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported } OpCodes; @@ -321,6 +322,7 @@ static struct { { "securitykeyprovider", oSecurityKeyProvider }, { "knownhostscommand", oKnownHostsCommand }, { "requiredrsasize", oRequiredRSASize }, + { "enableescapecommandline", oEnableEscapeCommandline }, { NULL, oBadOption } }; @@ -2177,6 +2179,10 @@ parse_pubkey_algos: *charptr = xstrdup(arg); break; + case oEnableEscapeCommandline: + intptr = &options->enable_escape_commandline; + goto parse_flag; + case oRequiredRSASize: intptr = &options->required_rsa_size; goto parse_int; @@ -2429,6 +2435,7 @@ initialize_options(Options * options) options->pubkey_accepted_algos = NULL; options->known_hosts_command = NULL; options->required_rsa_size = -1; + options->enable_escape_commandline = -1; } /* 
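Review bot: The new `case oEnableEscapeCommandline:` is inserted ahead of `case oRequiredRSASize:`, which is the opposite of the order used everywhere else in this commit. The OpCodes enum, the keywords table, initialize_options and fill_default_options all add the new option after the RequiredRSASize entry. Moving the case below the `goto parse_int;` of oRequiredRSASize would keep the five places in the same order, which makes them easier to audit together; this assumes nothing in the unseen part of the switch argues against it. The switch and its enclosing function start and end outside the hunk.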
@@ -2627,6 +2634,8 @@ fill_default_options(Options * options) #endif if (options->required_rsa_size == -1) options->required_rsa_size = SSH_RSA_MINIMUM_MODULUS_SIZE; + if (options->enable_escape_commandline == -1) + options->enable_escape_commandline = 0; /* Expand KEX name lists */ all_cipher = cipher_alg_list(',', 0); @@ -3308,6 +3317,7 @@ dump_client_config(Options *o, const char *host) dump_cfg_fmtint(oVerifyHostKeyDNS, o->verify_host_key_dns); dump_cfg_fmtint(oVisualHostKey, o->visual_host_key); dump_cfg_fmtint(oUpdateHostkeys, o->update_hostkeys); + dump_cfg_fmtint(oEnableEscapeCommandline, o->enable_escape_commandline); /* Integer options */ dump_cfg_int(oCanonicalizeMaxDots, o->canonicalize_max_dots); -- cgit v1.2.3
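Review bot: The new default in fill_default_options, `options->enable_escape_commandline = 0;`, turns off the ~C escape for every existing configuration that does not set the option, and nothing next to the assignment records why. The commit message gives the reason (a stricter default pledge(2) in the client), so a short comment above the assignment would keep it with the code, for example `/* ~C is off by default so the client can run under a tighter pledge(2) */`. This page is limited to readconf.c, so the code that consults the flag and the ssh_config(5) text are not visible here. It is worth confirming that the consumer refuses ~C whenever the value is 0 and that the man page states the "no" default. fill_default_options starts and ends outside the hunk.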