diff options
| -rw-r--r-- | usr.bin/ssh/auth-options.c | 5 | ||||
| -rw-r--r-- | usr.bin/ssh/servconf.c | 12 | ||||
| -rw-r--r-- | usr.bin/ssh/servconf.h | 3 | ||||
| -rw-r--r-- | usr.bin/ssh/session.c | 4 | ||||
| -rw-r--r-- | usr.bin/ssh/sshd_config | 3 | ||||
| -rw-r--r-- | usr.bin/ssh/sshd_config.5 | 17 |
6 files changed, 35 insertions, 9 deletions
diff --git a/usr.bin/ssh/auth-options.c b/usr.bin/ssh/auth-options.c index 41a29f79cac..8595fdc147d 100644 --- a/usr.bin/ssh/auth-options.c +++ b/usr.bin/ssh/auth-options.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-options.c,v 1.25 2002/07/21 18:32:20 stevesk Exp $"); +RCSID("$OpenBSD: auth-options.c,v 1.26 2002/07/30 17:03:55 markus Exp $"); #include "xmalloc.h" #include "match.h" @@ -133,7 +133,8 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) goto next_option; } cp = "environment=\""; - if (strncasecmp(opts, cp, strlen(cp)) == 0) { + if (options.permit_user_env && + strncasecmp(opts, cp, strlen(cp)) == 0) { char *s; struct envstring *new_envstring; diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c index d118bfe3331..2beb82b1d64 100644 --- a/usr.bin/ssh/servconf.c +++ b/usr.bin/ssh/servconf.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.112 2002/06/23 09:46:51 deraadt Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.113 2002/07/30 17:03:55 markus Exp $"); #if defined(KRB4) || defined(KRB5) #include <krb.h> @@ -87,6 +87,7 @@ initialize_server_options(ServerOptions *options) options->kbd_interactive_authentication = -1; options->challenge_response_authentication = -1; options->permit_empty_passwd = -1; + options->permit_user_env = -1; options->use_login = -1; options->compression = -1; options->allow_tcp_forwarding = -1; @@ -204,6 +205,8 @@ fill_default_server_options(ServerOptions *options) options->challenge_response_authentication = 1; if (options->permit_empty_passwd == -1) options->permit_empty_passwd = 0; + if (options->permit_user_env == -1) + options->permit_user_env = 0; if (options->use_login == -1) options->use_login = 0; if (options->compression == -1) @@ -259,7 +262,7 @@ typedef enum { sPrintMotd, sPrintLastLog, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, sStrictModes, sEmptyPasswd, sKeepAlives, - sUseLogin, sAllowTcpForwarding, sCompression, + sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups, @@ -319,6 +322,7 @@ static struct { { "xauthlocation", sXAuthLocation }, { "strictmodes", sStrictModes }, { "permitemptypasswords", sEmptyPasswd }, + { "permituserenvironment", sPermitUserEnvironment }, { "uselogin", sUseLogin }, { "compression", sCompression }, { "keepalive", sKeepAlives }, @@ -672,6 +676,10 @@ parse_flag: intptr = &options->permit_empty_passwd; goto parse_flag; + case sPermitUserEnvironment: + intptr = &options->permit_user_env; + goto parse_flag; + case sUseLogin: intptr = &options->use_login; goto parse_flag; diff --git a/usr.bin/ssh/servconf.h b/usr.bin/ssh/servconf.h index 6fc1272df35..33cd82ee66e 100644 --- a/usr.bin/ssh/servconf.h +++ b/usr.bin/ssh/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.58 2002/06/20 23:05:55 markus Exp $ */ +/* $OpenBSD: servconf.h,v 1.59 2002/07/30 17:03:55 markus Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -97,6 +97,7 @@ typedef struct { int challenge_response_authentication; int permit_empty_passwd; /* If false, do not permit empty * passwords. */ + int permit_user_env; /* If true, read ~/.ssh/environment */ int use_login; /* If true, login(1) is used */ int compression; /* If true, compression is allowed */ int allow_tcp_forwarding; diff --git a/usr.bin/ssh/session.c b/usr.bin/ssh/session.c index a453d509f00..b52f1080135 100644 --- a/usr.bin/ssh/session.c +++ b/usr.bin/ssh/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.145 2002/07/22 11:03:06 markus Exp $"); +RCSID("$OpenBSD: session.c,v 1.146 2002/07/30 17:03:55 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -899,7 +899,7 @@ do_setup_env(Session *s, const char *shell) auth_sock_name); /* read $HOME/.ssh/environment. */ - if (!options.use_login) { + if (options.permit_user_env && !options.use_login) { snprintf(buf, sizeof buf, "%.200s/.ssh/environment", pw->pw_dir); read_environment_file(&env, &envsize, buf); diff --git a/usr.bin/ssh/sshd_config b/usr.bin/ssh/sshd_config index 240cae4e2b6..7b01bbf5ed8 100644 --- a/usr.bin/ssh/sshd_config +++ b/usr.bin/ssh/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.56 2002/06/20 23:37:12 markus Exp $ +# $OpenBSD: sshd_config,v 1.57 2002/07/30 17:03:55 markus Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -75,6 +75,7 @@ #KeepAlive yes #UseLogin no #UsePrivilegeSeparation yes +#PermitUserEnvironment no #Compression yes #MaxStartups 10 diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5 index a9d16eb9348..e14d5c6f47b 100644 --- a/usr.bin/ssh/sshd_config.5 +++ b/usr.bin/ssh/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.5 2002/07/09 17:46:25 stevesk Exp $ +.\" $OpenBSD: sshd_config.5,v 1.6 2002/07/30 17:03:55 markus Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -459,6 +459,21 @@ for root. If this option is set to .Dq no root is not allowed to login. +.It Cm PermitUserEnvironment +Specifies whether +.Pa ~/.ssh/environment +is read by +.Nm sshd +and whether +.Cm environment= +options in +.Pa ~/.ssh/authorized_keys +files are permitted. +The default is +.Dq no . +This option is useful for locked-down installations where +.Ev LD_PRELOAD +and suchlike can cause security problems. .It Cm PidFile Specifies the file that contains the process ID of the .Nm sshd |