authorOleg Safiullin <form@cvs.openbsd.org>2002-05-30 09:12:00 +0000
committerOleg Safiullin <form@cvs.openbsd.org>2002-05-30 09:12:00 +0000
commitf9e8b133d95960d55ce73160a28ae32883b8ff6e (patch)
tree5d09d81fcdebb4356eb4e332da220a71061c96fe /usr.sbin/authpf/authpf.c
parent196b75fc92592c09eacfc395031fbebc6e7b3ab0 (diff)
Do not allow user to run authpf if user's shell is not /usr/sbin/authpf to
prevent users from playing with $SSH_CLIENT.
Diffstat (limited to 'usr.sbin/authpf/authpf.c')
-rw-r--r--usr.sbin/authpf/authpf.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/usr.sbin/authpf/authpf.c b/usr.sbin/authpf/authpf.c
index 126ade4f171..27c1375f7be 100644
--- a/usr.sbin/authpf/authpf.c
+++ b/usr.sbin/authpf/authpf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authpf.c,v 1.15 2002/05/21 19:48:04 deraadt Exp $ */
+/* $OpenBSD: authpf.c,v 1.16 2002/05/30 09:11:59 form Exp $ */
/*
* Copyright (C) 1998 - 2002 Bob Beck (beck@openbsd.org).
@@ -124,6 +124,12 @@ main(int argc, char *argv[])
exit(1);
}
+ if (strcmp(pwp->pw_shell, PATH_AUTHPF_SHELL)) {
+ syslog(LOG_ERR, "wrong shell for user %s, uid %u",
+ pwp->pw_name, pwp->pw_uid);
+ exit(1);
+ }
+
strlcpy(luser, pwp->pw_name, sizeof(luser));
if ((foo = getenv("SSH_CLIENT")) != NULL) {
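Review bot: The new `strcmp(pwp->pw_shell, PATH_AUTHPF_SHELL)` check in main() validates the passwd entry, but the `getenv("SSH_CLIENT")` call directly below it still takes the client address from the environment, and nothing in the hunk records why that is now safe. A comment above the check would make the trust assumption explicit, for example `/* SSH_CLIENT is only trustworthy when sshd started us as the login shell; refuse anything else */`. This presumably also depends on sshd not passing user-supplied environment variables into the session, which is worth stating in the same comment or in the man page. As a point of style, `strcmp(...) != 0` reads more clearly than using the nonzero result as a truth value. main()'s body starts and ends outside the hunk.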