Bug#705397: molly-guard: Fails to detect remote terminal when using mosh
also sprach Francois Marier [2013.08.08.1249 +0200]: > Yes, but there's another is_child_of_sshd to change as well. This code has become such a mess. Rewrite, anyone? ;) -- .''`. martin f. krafft Related projects: : :' : proud Debian developer http://debiansystem.info `. `'` http://people.debian.org/~madduckhttp://vcs-pkg.org `- Debian - when you have better things to do than fixing systems in seattle, washington, it is illegal to carry a concealed weapon that is over six feet in length. digital_signature_gpg.asc Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
Bug#705397: molly-guard: Fails to detect remote terminal when using mosh
On 2013-08-08 at 12:20:52, martin f krafft wrote: > also sprach Francois Marier [2013.04.14.1234 +0200]: > > On the other hand, if I use mosh to access the same server, typing > > "sudo reboot" immediately reboots the server without any prompts. > > Does this patch against /etc/molly-guard/30-query-hostname guard > against this? Yes, but there's another is_child_of_sshd to change as well. See attached patch. Francois -- Francois Marier identi.ca/fmarier http://fmarier.org twitter.com/fmarier diff --git a/molly-guard/run.d/30-query-hostname b/molly-guard/run.d/30-query-hostname index ea0aad5..689df69 100755 --- a/molly-guard/run.d/30-query-hostname +++ b/molly-guard/run.d/30-query-hostname @@ -11,7 +11,7 @@ ME=molly-guard # Walk up the process tree until PID 1 is reached or a process with 'sshd' in # its /proc//cmdline is met. Return success if such a process is found. -is_child_of_sshd() { +is_child_of_sshd_or_mosh_server() { pid=$$ ppid=$PPID # Be a bit paranoid with the guard, should some horribly broken system @@ -19,7 +19,7 @@ is_child_of_sshd() { # sane systems. [ -z "$pid" ] || [ -z "$ppid" ] && return 2 while [ $pid -gt 1 ] && [ $pid -ne $ppid ]; do -if grep -q sshd /proc/$ppid/cmdline; then +if egrep -q 'sshd|mosh-server' /proc/$ppid/cmdline; then return 0 fi pid=$ppid @@ -48,7 +48,7 @@ case "${ALWAYS_QUERY_HOSTNAME:-0}" in PTS=$(tty) if ! pgrep -f "^sshd.+${PTS#/dev/}\>" >/dev/null \ && [ -z "${SSH_CONNECTION:-}" ] \ - && ! is_child_of_sshd; then + && ! is_child_of_sshd_or_mosh_server; then if [ $PRETEND_SSH -eq 1 ]; then echo "I: $ME: this is not an SSH session, but --pretend-ssh was given..." >&2 else
Bug#705397: molly-guard: Fails to detect remote terminal when using mosh
also sprach Francois Marier [2013.04.14.1234 +0200]: > On the other hand, if I use mosh to access the same server, typing > "sudo reboot" immediately reboots the server without any prompts. Does this patch against /etc/molly-guard/30-query-hostname guard against this? --- a/run.d/30-query-hostname +++ b/run.d/30-query-hostname @@ -11,7 +11,7 @@ ME=molly-guard # Walk up the process tree until PID 1 is reached or a process with 'sshd' in # its /proc//cmdline is met. Return success if such a process is found. -is_child_of_sshd() { +is_child_of_sshd_or_mosh_server() { pid=$$ ppid=$PPID # Be a bit paranoid with the guard, should some horribly broken system @@ -19,7 +19,7 @@ is_child_of_sshd() { # sane systems. [ -z "$pid" ] || [ -z "$ppid" ] && return 2 while [ $pid -gt 1 ] && [ $pid -ne $ppid ]; do -if grep -q sshd /proc/$ppid/cmdline; then +if egrep -q 'sshd|mosh-server' /proc/$ppid/cmdline; then return 0 fi pid=$ppid -- .''`. martin f. krafft Related projects: : :' : proud Debian developer http://debiansystem.info `. `'` http://people.debian.org/~madduckhttp://vcs-pkg.org `- Debian - when you have better things to do than fixing systems digital_signature_gpg.asc Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
Bug#705397: molly-guard: Fails to detect remote terminal when using mosh
Package: molly-guard Version: 0.4.5-1 Severity: normal If I ssh into my wheezy server, molly-guard will prompt me for the hostname after I type "sudo reboot". On the other hand, if I use mosh to access the same server, typing "sudo reboot" immediately reboots the server without any prompts. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org