Ray Daoud writes:
: On Tue, 9 May 2000, Sami Lehtinen wrote:
: > Suggestions? Should I check if the shell is "*csh" and give the
: > argument "-f", if executing a command?
:
: That was exactly what I was thinking. I tried "csh -f" wrapper
: script to call from sshd2_config, but apparently the damage is done
: before the sftp-server process is called...
:
: A patch for this would be _much_ appreciated...
There have been opinions that this could be checked in the user's
.cshrc, which I don't doubt, but I think this addition could reduce
the load of our support and sysadmins worldwide. Maybe. On a good day.
Anyways, what do you think? (apply by going to your
ssh-secure-shell-2.1.0 directory, and giving the command
% patch -p 0 < /path/to/this/patch
)
Index: apps/ssh/sshchsession.c
===================================================================
RCS file: /src/ssh2/apps/ssh/sshchsession.c,v
retrieving revision 1.10
diff -u -r1.10 sshchsession.c
--- apps/ssh/sshchsession.c 2000/05/04 01:54:06 1.10
+++ apps/ssh/sshchsession.c 2000/05/10 00:37:39
@@ -936,10 +936,19 @@
if (strcmp(command,
session->common->config->subsystems[i]->name) == 0)
{
- argv[0] = (char *)shell;
- argv[1] = "-c";
- argv[2] = session->common->config->subsystems[i]->path;
- argv[3] = NULL;
+ int arg_ind = 0;
+ /* If csh or tcsh, we should give the "-f" parameter
+ also, to prevent the sell from reading its dot-rc
+ file. Same should be done also with commands. */
+ argv[arg_ind++] = (char *)shell;
+ if (!session->common->config->
+ allow_cshrc_sourcing_with_subsystems &&
+ (strcmp(shell_no_path, "csh") == 0 ||
+ strcmp(shell_no_path, "tcsh") == 0))
+ argv[arg_ind++] = "-f";
+ argv[arg_ind++] = "-c";
+ argv[arg_ind++] = session->common->config->subsystems[i]->path;
+ argv[arg_ind++] = NULL;
execve(shell, argv, env);
perror(shell);
exit(254);
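Review bot: When the `-f` branch is taken, this block stores five pointers in `argv` (shell, `-f`, `-c`, the subsystem path, NULL) where the removed lines stored four, so `argv[arg_ind++] = NULL;` may write one slot past the array if `argv` was sized for the old layout. The declaration of `argv` and the derivation of `shell_no_path` are both outside this hunk, so confirm that the array holds at least five `char *` entries before this is applied. The new comment has a typo and should read `to prevent the shell from reading its dot-rc`. It also says commands need the same treatment, which this hunk does not implement, so the plain command exec path presumably still sources the rc file.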
Index: apps/ssh/sshd2_config
===================================================================
RCS file: /src/ssh2/apps/ssh/sshd2_config,v
retrieving revision 1.5
diff -u -r1.5 sshd2_config
--- apps/ssh/sshd2_config 2000/04/17 01:07:11 1.5
+++ apps/ssh/sshd2_config 2000/05/10 00:19:27
@@ -29,6 +29,7 @@
ForcePTTYAllocation no
VerboseMode no
PrintMotd yes
+ AllowCshrcSourcingWithSubsystems no
CheckMail yes
UserConfigDirectory "%D/.ssh2"
# UserConfigDirectory "/etc/ssh2/auth/%U"
Index: apps/ssh/sshconfig.c
===================================================================
RCS file: /src/ssh2/apps/ssh/sshconfig.c,v
retrieving revision 1.15
diff -u -r1.15 sshconfig.c
--- apps/ssh/sshconfig.c 2000/05/04 01:56:12 1.15
+++ apps/ssh/sshconfig.c 2000/05/10 00:20:23
@@ -220,6 +220,7 @@
config->quiet_mode = FALSE;
config->fascist_logging = FALSE;
config->print_motd = TRUE;
+ config->allow_cshrc_sourcing_with_subsystems = FALSE;
config->check_mail = TRUE;
config->keep_alive = TRUE;
config->no_delay = FALSE;
@@ -1195,6 +1196,12 @@
if (strcmp(var, "printmotd") == 0)
{
config->print_motd = bool;
+ return FALSE;
+ }
+
+ if (strcmp(var, "allowcshrcsourcingwithsubsystems") == 0)
+ {
+ config->allow_cshrc_sourcing_with_subsystems = bool;
return FALSE;
}
Index: apps/ssh/sshconfig.h
===================================================================
RCS file: /src/ssh2/apps/ssh/sshconfig.h,v
retrieving revision 1.11
diff -u -r1.11 sshconfig.h
--- apps/ssh/sshconfig.h 2000/05/04 01:56:39 1.11
+++ apps/ssh/sshconfig.h 2000/05/10 00:17:51
@@ -161,6 +161,7 @@
Boolean quiet_mode;
Boolean fascist_logging;
Boolean print_motd;
+ Boolean allow_cshrc_sourcing_with_subsystems;
Boolean check_mail;
Boolean keep_alive;
Boolean no_delay;
--
[[EMAIL PROTECTED] -- Sami J. Lehtinen -- [EMAIL PROTECTED]]
[work:+358 9 85657425][gsm:+358 50 5170 258][http://www.iki.fi/~sjl]
[SSH Communications Security Ltd. http://www.ssh.com/]