SSH ok, SFTP ok, SCP broken... custom shell

Peter Stuge stuge-openssh-unix-dev at cdy.org
Mon Dec 12 09:43:37 EST 2005


On Fri, Dec 09, 2005 at 09:26:43AM +0000, Graeme Tattersall wrote:
> the if statement is actually :
> 
> if /bin/grep -qw ^$LOGNAME $ALLOWFILE >/dev/null 2>/dev/null
> 
> and the exec line is :
>     exec -a - $REALSHELL $*

I would suggest making sure that these three environment variables
expand correctly:

if /bin/grep -qw "^${LOGNAME}" "${ALLOWFILE}" >/dev/null 2>/dev/null
..
exec -a - "${REALSHELL}" ..

..you get the picture.

Some other time, maybe one of the variables ends up having a space or
other unexpected character in it, and that would cause a malfunction
of the script, even though the data may be valid.

And, even with the above quoted grep regex you will erroneously admit
user foo when user foobar is the only one listed. If there's a
separator after the username, I'd use bash tricks or /bin/cut in order
to check the entire username and nothing but the entire username for
a match.


//Peter
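
The whole-username check suggested above, as an added example that is not part of the original message: it runs the prefix-regex test next to a whole-field comparison built on cut. The allow-file layout (`username:comment`), the `:` separator, the function names and the sample entries are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example. The allow-file layout "username:comment", the ':' separator,
# the function names and the sample entries are all assumptions.

# Build a constructed sample allow file and print its path.
make_sample_allowfile() {
    local f
    f=$(mktemp) || return 1
    printf '%s\n' 'foobar:backup operator' 'foo-bar:contractor' \
        'axb:service account' > "$f"
    printf '%s\n' "$f"
}

# The thread's check with quoting added: the name is still used as a regex
# anchored only at the start of the line.
prefix_allowed() {   # usage: prefix_allowed USER ALLOWFILE
    grep -qw -- "^${1}" "${2}" 2>/dev/null
}

# Whole-field comparison: cut isolates the username field, grep -x -F then
# demands a full-line, fixed-string match, so regex characters in the name
# have no special meaning.
exact_allowed() {    # usage: exact_allowed USER ALLOWFILE
    local user=$1 file=$2
    [ -n "$user" ] || return 1          # empty or unset name never matches
    [ -r "$file" ] || return 1          # unreadable list admits nobody
    cut -d: -f1 -- "$file" | grep -qxF -- "$user"
}

allowfile=$(make_sample_allowfile)
trap 'rm -f "$allowfile"' EXIT
for u in foo foobar foo-bar a.b; do
    if prefix_allowed "$u" "$allowfile"; then p=admit; else p=refuse; fi
    if exact_allowed  "$u" "$allowfile"; then e=admit; else e=refuse; fi
    printf '%-8s prefix regex: %-7s exact field: %s\n' "$u" "$p" "$e"
done
```

With this sample file, `foo` and `a.b` pass the prefix regex although neither is listed, and both are refused by the exact-field check.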



