scp creating root files
Markus Friedl
markus.friedl at informatik.uni-erlangen.de
Tue Jun 6 17:27:40 EST 2000
On Fri, Jun 02, 2000 at 06:00:32PM +0100, douglas.manton at uk.ibm.com wrote:
> I have also discovered that the problem goes away when UseLogin is set to
> "no"! Changing line 834 in session.c to:
thanks!
UseLogin is not tested and very broken, please use this patch.
otherwise users can login with uid==0 if they use:
$ ssh host /bin/sh
-markus
Index: session.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/session.c,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- session.c 2000/05/31 06:36:40 1.16
+++ session.c 2000/06/05 19:53:40 1.17
@@ -746,6 +746,10 @@
extern char **environ;
struct stat st;
char *argv[10];
+
+ /* login(1) is only called if we execute the login shell */
+ if (options.use_login && command != NULL)
+ options.use_login = 0;
f = fopen("/etc/nologin", "r");
if (f) {
More information about the openssh-unix-dev
mailing list