sshd executes ~/.ssh/sshrc without using user's shell
Markus Friedl
markus.friedl at informatik.uni-erlangen.de
Wed Mar 21 06:33:36 EST 2001
On Sat, Mar 17, 2001 at 02:14:22PM +1100, Andrew Bartlett wrote:
> I am considering allowing (relitivly) untrusted local users onto my
> fileserver, so they can use SFTP to access their home directories.
>
> I have a custom shell, (a taint-mode enabled perl script) that allows
> users to change their password, which I have modifed to only allow a
> '-c' command for the sftp-server.
>
> I have also disabled TCP port forwarding. However, some reading of the
> OpenSSH code suggests that, while most commands sshd excutes use the
> users login shell, the popen call for .ssh/sshrc does not.
> (session.c:1342 and there-abouts).
>
> Is this an issue?
yes. in the future, subsystems will probably ignore this file.
> Or do I have bigger things to worry about?
nothing that i can think of.
More information about the openssh-unix-dev
mailing list