ProxyCommand not working if $SHELL not defined

Ben Lindstrom mouring at eviladmin.org
Fri Sep 18 00:30:57 EST 2009


How does one get into a case where they are allowed to be logged in,  
but they don't have a valid executable shell?  This seems like a very  
odd condition and one that shouldn't happen.

- Ben

On Sep 17, 2009, at 7:47 AM, Antonio Mignolli wrote:

> Ok, but the case with a not valid shell (non executable)
> is not covered.
> It is also a user (or sysadm) fault, though, if SHELL is not
> properly set.
>
> Bye.
>
> 2009/9/17 Damien Miller <djm at mindrot.org>:
>> On Thu, 17 Sep 2009, Antonio Mignolli wrote:
>>
>>> Maybe the mailing list cuts the attachments.
>>
>> Yes, we strip pretty much everything but text/plain to avoid spam and
>> malware.
>>
>>> patch.openssh-5.2p1.SHELLfix:
>>>
>>> 8<-----------------------------------------------------------------
>>> Common subdirectories: openssh-5.2p1/contrib and openssh-5.2p1.new/ 
>>> contrib
>>> diff -NupwB openssh-5.2p1/misc.c openssh-5.2p1.new/misc.c
>>> --- openssh-5.2p1/misc.c      2009-02-21 22:47:02.000000000 +0100
>>> +++ openssh-5.2p1.new/misc.c  2009-09-16 02:21:11.000000000 +0200
>>> @@ -849,3 +849,29 @@ ms_to_timeval(struct timeval *tv, int ms
>>>       tv->tv_usec = (ms % 1000) * 1000;
>>>  }
>>>
>>> +/*
>>> + * Get shell from env or use default '/bin/sh'
>>> + */
>>> +char *
>>> +get_shell_from_env()
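Review bot: `get_shell_from_env()` is defined with an empty parameter list, which in C is an old-style declaration that leaves the arguments unchecked; write `get_shell_from_env(void)`. The comment above it also hard-codes '/bin/sh', while the existing call sites in sftp.c and sshconnect.c fall back to `_PATH_BSHELL`, so naming the macro in the comment would keep the two from drifting apart.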
>>
>> ...
>>
>> I think that this is quite overcomplicated. This is probably  
>> sufficient.
>>
>> Index: sftp.c
>> ===================================================================
>> RCS file: /cvs/src/usr.bin/ssh/sftp.c,v
>> retrieving revision 1.111
>> diff -u -p -r1.111 sftp.c
>> --- sftp.c      18 Aug 2009 18:36:21 -0000      1.111
>> +++ sftp.c      17 Sep 2009 12:26:04 -0000
>> @@ -236,7 +236,7 @@ local_do_shell(const char *args)
>>        if (!*args)
>>                args = NULL;
>>
>> -       if ((shell = getenv("SHELL")) == NULL)
>> +       if ((shell = getenv("SHELL")) == NULL || *shell == '\0')
>>                shell = _PATH_BSHELL;
>>
>>        if ((pid = fork()) == -1)
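Review bot: The added `*shell == '\0'` test on the `getenv("SHELL")` line in `local_do_shell()` catches an empty SHELL, but a non-empty value that names a missing or non-executable file still bypasses the `_PATH_BSHELL` fallback, which is the case raised earlier in this thread. If that case is meant to be handled, the check belongs here, before the `fork()`; if it is not, a short comment stating that only unset and empty values fall back would document the intent.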
>> Index: sshconnect.c
>> ===================================================================
>> RCS file: /cvs/src/usr.bin/ssh/sshconnect.c,v
>> retrieving revision 1.214
>> diff -u -p -r1.214 sshconnect.c
>> --- sshconnect.c        28 May 2009 16:50:16 -0000      1.214
>> +++ sshconnect.c        17 Sep 2009 12:26:05 -0000
>> @@ -76,7 +76,7 @@ ssh_proxy_connect(const char *host, u_sh
>>        pid_t pid;
>>        char *shell, strport[NI_MAXSERV];
>>
>> -       if ((shell = getenv("SHELL")) == NULL)
>> +       if ((shell = getenv("SHELL")) == NULL || *shell == '\0')
>>                shell = _PATH_BSHELL;
>>
>>        /* Convert the port number into a string. */
>> @@ -1148,7 +1148,7 @@ ssh_local_cmd(const char *args)
>>            args == NULL || !*args)
>>                return (1);
>>
>> -       if ((shell = getenv("SHELL")) == NULL)
>> +       if ((shell = getenv("SHELL")) == NULL || *shell == '\0')
>>                shell = _PATH_BSHELL;
>>
>>        pid = fork();
>>
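Review bot: The condition `(shell = getenv("SHELL")) == NULL || *shell == '\0'` in `ssh_local_cmd()` is the third identical copy in this patch, after `local_do_shell()` and `ssh_proxy_connect()`. A single small helper that returns either SHELL or `_PATH_BSHELL` would keep the three call sites in agreement if the fallback rule changes again.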


