New Subsystem criteria for Match option block in OpenSSH server
Darren Tucker
dtucker at zip.com.au
Fri May 18 15:25:16 EST 2012
On Thu, May 17, 2012 at 04:19:36PM +0200, Nicola Muto wrote:
> Hello everybody,
>
> I'm a C/C++ consultant working for Ericsson.
>
> I changed the OpenSSH-Portable code to add a new criteria
> into the Match sshd_config option read by the sshd server.
>
> The new criteria is "Subsystem"; so a conditional block based
The problem with that is that Match is done at connection
establishment time and Subsystem is not a property of the connection,
it's a request type that can be sent zero or more times during the life
of the connection. What happens if I open a sftp subsytem then a normal
shell session or vice versa?
> you must also disable the privilege separation
that's usually a pretty good indication that you're doing something
wrong.
I'd like to study your diff a bit more but it got mangled to the point
that patch denies there's even a diff in there. Could you please resend
(a) using diff -u (unified) format and (b) as an text/plain attachment.
Thanks.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list