author | Oleg Safiullin <form@cvs.openbsd.org> | 2002-05-30 09:12:00 +0000 |
---|---|---|
committer | Oleg Safiullin <form@cvs.openbsd.org> | 2002-05-30 09:12:00 +0000 |
commit | f9e8b133d95960d55ce73160a28ae32883b8ff6e (patch) | |
tree | 5d09d81fcdebb4356eb4e332da220a71061c96fe /usr.sbin/authpf/authpf.c | |
parent | 196b75fc92592c09eacfc395031fbebc6e7b3ab0 (diff) |
Do not allow user to run authpf if user's shell is not /usr/sbin/authpf to
prevent users from playing with $SSH_CLIENT.
Diffstat (limited to 'usr.sbin/authpf/authpf.c')
-rw-r--r-- | usr.sbin/authpf/authpf.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/usr.sbin/authpf/authpf.c b/usr.sbin/authpf/authpf.c
index 126ade4f171..27c1375f7be 100644
--- a/usr.sbin/authpf/authpf.c
+++ b/usr.sbin/authpf/authpf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authpf.c,v 1.15 2002/05/21 19:48:04 deraadt Exp $ */
+/* $OpenBSD: authpf.c,v 1.16 2002/05/30 09:11:59 form Exp $ */
 /*
 * Copyright (C) 1998 - 2002 Bob Beck (beck@openbsd.org).
@@ -124,6 +124,12 @@ main(int argc, char *argv[])
 exit(1);
 }
+ if (strcmp(pwp->pw_shell, PATH_AUTHPF_SHELL)) {
+ syslog(LOG_ERR, "wrong shell for user %s, uid %u",
+ pwp->pw_name, pwp->pw_uid);
+ exit(1);
+ }
+
 strlcpy(luser, pwp->pw_name, sizeof(luser));
 if ((foo = getenv("SSH_CLIENT")) != NULL) {
|
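Review bot: The new `strcmp(pwp->pw_shell, PATH_AUTHPF_SHELL)` guard checks only how the account is configured, not how this process was started, and the `getenv("SSH_CLIENT")` at the end of the hunk still takes the client address straight from the environment. That is sound only if an authpf-shell account has no way to influence its own login environment, which this hunk cannot show and which presumably depends on the login service's configuration. The assumption deserves a comment above the check, e.g. `/* Only accounts whose login shell is authpf may run it; they cannot start us by hand, so SSH_CLIENT is trusted to be what sshd set. */`. Writing the test as `strcmp(pwp->pw_shell, PATH_AUTHPF_SHELL) != 0` would also make the mismatch sense explicit. main() begins and continues outside the hunk.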