ForceCommand and ~/.ssh/rc

Darren Tucker dtucker at zip.com.au
Tue Mar 25 09:21:20 EST 2008 

On Tue, Mar 25, 2008 at 08:57:39AM +1100, Damien Miller wrote:
> On Thu, 20 Mar 2008, Mikhail Terekhov wrote:
> > As I understand the "ForceCommand" in the sshd_confing file is meant to
> > ignore any command supplied by the client, but if user's home is shared by
> > server and client machines over network (ex. NFS) then user can still put
> > something else into ~/.ssh/rc file and overcome this limitation. Is it
> > possible to disable execution of the ~/.ssh/rc file in such a case?
> 
> Could you please try this?
[..]
> -	if (!options.use_login)
> +	if (!options.use_login && options.adm_forced_command == NULL)

This should also check forced_command too, no?  That usually comes from
a user-controlled authorized_keys file in ~/.ssh, however that's not
necessarily the case (eg AuthorizedKeysFile /etc/ssh/keys or some such).

Also, this will disable the root-owned rc file which isn't necessary.
How about something like this?

Index: session.c
===================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh/session.c,v
retrieving revision 1.364
diff -u -p -r1.364 session.c
--- session.c	15 Mar 2008 06:27:58 -0000	1.364
+++ session.c	24 Mar 2008 22:19:08 -0000
@@ -1196,14 +1196,18 @@ do_rc_files(Session *s, const char *shel
 {
 	FILE *f = NULL;
 	char cmd[1024];
-	int do_xauth;
+	int do_xauth, do_user_rc = 1;
 	struct stat st;
 
 	do_xauth =
 	    s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL;
 
-	/* ignore _PATH_SSH_USER_RC for subsystems */
-	if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
+	/* ignore _PATH_SSH_USER_RC for subsystems and forced commands */
+	if (s->is_subsystem || options.adm_forced_command != NULL ||
+	    forced_command != NULL)
+		do_user_rc = 0;
+
+	if (do_user_rc && (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
 		snprintf(cmd, sizeof cmd, "%s -c '%s %s'",
 		    shell, _PATH_BSHELL, _PATH_SSH_USER_RC);
 		if (debug_flag)

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list