Bug#705397: molly-guard: Fails to detect remote terminal when using mosh
also sprach Francois Marier [2013.08.08.1249 +0200]: > Yes, but there's another is_child_of_sshd to change as well. This code has become such a mess. Rewrite, anyone? ;) -- .''`. martin f. krafft Related projects: : :' : proud Debian developer http://debiansystem.info `. `'` http://people.debian.org/~madduckhttp://vcs-pkg.org `- Debian - when you have better things to do than fixing systems in seattle, washington, it is illegal to carry a concealed weapon that is over six feet in length. digital_signature_gpg.asc Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
Bug#705397: molly-guard: Fails to detect remote terminal when using mosh
On 2013-08-08 at 12:20:52, martin f krafft wrote:
> also sprach Francois Marier [2013.04.14.1234 +0200]:
> > On the other hand, if I use mosh to access the same server, typing
> > "sudo reboot" immediately reboots the server without any prompts.
>
> Does this patch against /etc/molly-guard/30-query-hostname guard
> against this?
Yes, but there's another is_child_of_sshd to change as well.
See attached patch.
Francois
--
Francois Marier identi.ca/fmarier
http://fmarier.org twitter.com/fmarier
diff --git a/molly-guard/run.d/30-query-hostname b/molly-guard/run.d/30-query-hostname
index ea0aad5..689df69 100755
--- a/molly-guard/run.d/30-query-hostname
+++ b/molly-guard/run.d/30-query-hostname
@@ -11,7 +11,7 @@ ME=molly-guard
# Walk up the process tree until PID 1 is reached or a process with 'sshd' in
# its /proc//cmdline is met. Return success if such a process is found.
-is_child_of_sshd() {
+is_child_of_sshd_or_mosh_server() {
pid=$$
ppid=$PPID
# Be a bit paranoid with the guard, should some horribly broken system
@@ -19,7 +19,7 @@ is_child_of_sshd() {
# sane systems.
[ -z "$pid" ] || [ -z "$ppid" ] && return 2
while [ $pid -gt 1 ] && [ $pid -ne $ppid ]; do
-if grep -q sshd /proc/$ppid/cmdline; then
+if egrep -q 'sshd|mosh-server' /proc/$ppid/cmdline; then
return 0
fi
pid=$ppid
@@ -48,7 +48,7 @@ case "${ALWAYS_QUERY_HOSTNAME:-0}" in
PTS=$(tty)
if ! pgrep -f "^sshd.+${PTS#/dev/}\>" >/dev/null \
&& [ -z "${SSH_CONNECTION:-}" ] \
- && ! is_child_of_sshd; then
+ && ! is_child_of_sshd_or_mosh_server; then
if [ $PRETEND_SSH -eq 1 ]; then
echo "I: $ME: this is not an SSH session, but --pretend-ssh was given..." >&2
else
Bug#705397: molly-guard: Fails to detect remote terminal when using mosh
also sprach Francois Marier [2013.04.14.1234 +0200]:
> On the other hand, if I use mosh to access the same server, typing
> "sudo reboot" immediately reboots the server without any prompts.
Does this patch against /etc/molly-guard/30-query-hostname guard
against this?
--- a/run.d/30-query-hostname
+++ b/run.d/30-query-hostname
@@ -11,7 +11,7 @@ ME=molly-guard
# Walk up the process tree until PID 1 is reached or a process with 'sshd' in
# its /proc//cmdline is met. Return success if such a process is found.
-is_child_of_sshd() {
+is_child_of_sshd_or_mosh_server() {
pid=$$
ppid=$PPID
# Be a bit paranoid with the guard, should some horribly broken system
@@ -19,7 +19,7 @@ is_child_of_sshd() {
# sane systems.
[ -z "$pid" ] || [ -z "$ppid" ] && return 2
while [ $pid -gt 1 ] && [ $pid -ne $ppid ]; do
-if grep -q sshd /proc/$ppid/cmdline; then
+if egrep -q 'sshd|mosh-server' /proc/$ppid/cmdline; then
return 0
fi
pid=$ppid
--
.''`. martin f. krafft Related projects:
: :' : proud Debian developer http://debiansystem.info
`. `'` http://people.debian.org/~madduckhttp://vcs-pkg.org
`- Debian - when you have better things to do than fixing systems
digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
Bug#705397: molly-guard: Fails to detect remote terminal when using mosh
Package: molly-guard Version: 0.4.5-1 Severity: normal If I ssh into my wheezy server, molly-guard will prompt me for the hostname after I type "sudo reboot". On the other hand, if I use mosh to access the same server, typing "sudo reboot" immediately reboots the server without any prompts. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
