Using /bin/sh to exec subsystems [PATCH]

Andrew Bartlett abartlet at pcug.org.au
Sat May 26 12:42:14 EST 2001


Andrew Bartlett wrote:
> 
> Patrick Higgins wrote:
> >
> > That's clever. I guess my only reservation about that sort of thing is I
> > prefer my security-critical code to be peer-reviewed, not something I
> > cook up myself. That's why I'd like to see the solution be a direct part
> > of OpenSSH (where I know it will be audited).
> >
> > Your solution is very flexible, though. Perhaps we could put your script
> > (or a similar one) in the contrib directory so that everyone can at
> > least start with a well-written restricted shell, and hope that the
> > customization process doesn't ruin it?
> >
> > -Pat
> >
> > > The way I have set it up is a simple taint-mode enabled perl script, it
> > > checks for command options, and if it is a permitted program
> > > (sftp-server) then the server is run (hardcoded path).  If we get
> > > another subsystem, I just add an elsif.  If they specify nothing, they
> > > get a password change prompt (the initial reason for the script).
> > >
> > > Andrew Bartlett
> 
> Attached.  Freely redistribute.
> 

Just remember that until the next release of OpenSSH, this won't actually
do anything, as .ssh/rc files are executed with /bin/sh anyway :-(.  (My
bug-report and the resultant fix was too close to release for 2.9p1, or
so I was told).

Andrew Bartlett

-- 
Andrew Bartlett
abartlet at pcug.org.au
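
The restricted login shell described in the quoted message, as an added example that is not Andrew Bartlett's attached script or part of OpenSSH. It assumes sshd invokes the login shell as `<shell> -c <command>` for a subsystem and with no arguments for an interactive login; both program paths are assumptions to be set for the local install.

```perl
#!/usr/bin/perl -T
# Added example: restricted login shell in the style described in the thread.
use strict;
use warnings;

my $SFTP_SERVER = '/usr/libexec/openssh/sftp-server';   # assumed path
my $PASSWD      = '/usr/bin/passwd';                    # assumed path

# Taint mode refuses to run a program while PATH is inherited from the
# caller, so replace the whole environment with a fixed, minimal one.
%ENV = (PATH => '/usr/bin:/bin');

# Map the arguments handed to the login shell onto a fixed argv.
# Returns an array ref to exec, or nothing to refuse.
sub decide {
    my @args = @_;

    # Interactive login: no arguments, offer a password change only.
    return [$PASSWD] if @args == 0;

    # Subsystem or remote command: "<shell> -c <command>" (assumption).
    if (@args == 2 && $args[0] eq '-c') {
        # Exact match only; options, extra words and other paths are refused.
        return [$SFTP_SERVER] if $args[1] eq $SFTP_SERVER;
        # A further permitted subsystem would be one more comparison here.
    }
    return;
}

my $argv = decide(@ARGV);
unless ($argv) {
    print STDERR "This account is restricted to sftp and password changes.\n";
    exit 1;
}

# List-form exec of a hardcoded path: the client-supplied string is only
# compared, never parsed by a shell or passed on as an argument.
exec { $argv->[0] } @$argv or die "exec $argv->[0] failed: $!\n";
```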
