- markus@cvs.openbsd.org 2002/07/30 17:03:55
     [auth-options.c servconf.c servconf.h session.c sshd_config sshd_config.5]
     add PermitUserEnvironment (off by default!); from dot@dotat.at;
     ok provos, deraadt
diff --git a/ChangeLog b/ChangeLog
index 9657aca..74ce053 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -18,6 +18,10 @@
    - markus@cvs.openbsd.org 2002/07/29 18:57:30
      [sshconnect.c]
      print file:line
+   - markus@cvs.openbsd.org 2002/07/30 17:03:55
+     [auth-options.c servconf.c servconf.h session.c sshd_config sshd_config.5]
+     add PermitUserEnvironment (off by default!); from dot@dotat.at;
+     ok provos, deraadt
 
 20020730
  - (bal) [uidswap.c] SCO compile correction by gert@greenie.muc.de
@@ -1486,4 +1490,4 @@
  - (stevesk) entropy.c: typo in debug message
  - (djm) ssh-keygen -i needs seeded RNG; report from markus@
 
-$Id: ChangeLog,v 1.2412 2002/08/01 01:26:29 mouring Exp $
+$Id: ChangeLog,v 1.2413 2002/08/01 01:28:38 mouring Exp $
diff --git a/auth-options.c b/auth-options.c
index 41a29f7..8595fdc 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-options.c,v 1.25 2002/07/21 18:32:20 stevesk Exp $");
+RCSID("$OpenBSD: auth-options.c,v 1.26 2002/07/30 17:03:55 markus Exp $");
 
 #include "xmalloc.h"
 #include "match.h"
@@ -133,7 +133,8 @@
 			goto next_option;
 		}
 		cp = "environment=\"";
-		if (strncasecmp(opts, cp, strlen(cp)) == 0) {
+		if (options.permit_user_env &&
+		    strncasecmp(opts, cp, strlen(cp)) == 0) {
 			char *s;
 			struct envstring *new_envstring;
 
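Review bot: With permit_user_env off, the `environment="` prefix is simply no longer matched at the changed condition, so the option is left for whatever the loop does with unrecognised text; that fall-through is outside the hunk, but if it is the usual bad-option path, a key whose line carries `environment=` is refused entirely rather than having the option ignored, and the administrator only sees a generic bad-options message. That is a defensible choice for a lockdown flag, but nothing in this code says it is intended, and the man page text in this commit only says such options are not "permitted". A comment on the condition, `/* PermitUserEnvironment=no: environment= is not recognised here, so the line fails option parsing */`, or an explicit branch that logs the file and line with a message naming PermitUserEnvironment before refusing the key, would make the behaviour deliberate and diagnosable. The enclosing option-parsing loop starts and ends outside the hunk.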
diff --git a/servconf.c b/servconf.c
index bdf39af..50fccdd 100644
--- a/servconf.c
+++ b/servconf.c
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.112 2002/06/23 09:46:51 deraadt Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.113 2002/07/30 17:03:55 markus Exp $");
 
 #if defined(KRB4)
 #include <krb.h>
@@ -101,6 +101,7 @@
 	options->kbd_interactive_authentication = -1;
 	options->challenge_response_authentication = -1;
 	options->permit_empty_passwd = -1;
+	options->permit_user_env = -1;
 	options->use_login = -1;
 	options->compression = -1;
 	options->allow_tcp_forwarding = -1;
@@ -223,6 +224,8 @@
 		options->challenge_response_authentication = 1;
 	if (options->permit_empty_passwd == -1)
 		options->permit_empty_passwd = 0;
+	if (options->permit_user_env == -1)
+		options->permit_user_env = 0;
 	if (options->use_login == -1)
 		options->use_login = 0;
 	if (options->compression == -1)
@@ -291,7 +294,7 @@
 	sPrintMotd, sPrintLastLog, sIgnoreRhosts,
 	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
 	sStrictModes, sEmptyPasswd, sKeepAlives,
-	sUseLogin, sAllowTcpForwarding, sCompression,
+	sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
 	sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
 	sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
 	sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
@@ -354,6 +357,7 @@
 	{ "xauthlocation", sXAuthLocation },
 	{ "strictmodes", sStrictModes },
 	{ "permitemptypasswords", sEmptyPasswd },
+	{ "permituserenvironment", sPermitUserEnvironment },
 	{ "uselogin", sUseLogin },
 	{ "compression", sCompression },
 	{ "keepalive", sKeepAlives },
@@ -713,6 +717,10 @@
 		intptr = &options->permit_empty_passwd;
 		goto parse_flag;
 
+	case sPermitUserEnvironment:
+		intptr = &options->permit_user_env;
+		goto parse_flag;
+
 	case sUseLogin:
 		intptr = &options->use_login;
 		goto parse_flag;
diff --git a/servconf.h b/servconf.h
index c94f541..024987d 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: servconf.h,v 1.58 2002/06/20 23:05:55 markus Exp $	*/
+/*	$OpenBSD: servconf.h,v 1.59 2002/07/30 17:03:55 markus Exp $	*/
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -97,6 +97,7 @@
 	int     challenge_response_authentication;
 	int     permit_empty_passwd;	/* If false, do not permit empty
 					 * passwords. */
+	int     permit_user_env;	/* If true, read ~/.ssh/environment */
 	int     use_login;	/* If true, login(1) is used */
 	int     compression;	/* If true, compression is allowed */
 	int	allow_tcp_forwarding;
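Review bot: The comment on the new `permit_user_env` field documents only half of what the flag gates: the auth-options.c change in this same commit also uses it to decide whether `environment=` options in authorized_keys are honoured, so a reader of the header sees only the ~/.ssh/environment side. Suggest `int     permit_user_env;	/* If true, read ~/.ssh/environment and honour environment= in authorized_keys */`.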
diff --git a/session.c b/session.c
index e2e3034..f2a1bf0 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.145 2002/07/22 11:03:06 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.146 2002/07/30 17:03:55 markus Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -1065,7 +1065,7 @@
 		    auth_sock_name);
 
 	/* read $HOME/.ssh/environment. */
-	if (!options.use_login) {
+	if (options.permit_user_env && !options.use_login) {
 		snprintf(buf, sizeof buf, "%.200s/.ssh/environment",
 		    pw->pw_dir);
 		read_environment_file(&env, &envsize, buf);
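Review bot: The comment above the changed condition still reads `/* read $HOME/.ssh/environment. */` and gives no hint that the read is now conditional on two server options, so the next maintainer has to reverse-engineer the intent from the condition. Something like `/* read $HOME/.ssh/environment, unless PermitUserEnvironment is off or login(1) is used for the session. */` states it directly. read_environment_file and the rest of the enclosing function are outside the hunk.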
diff --git a/sshd_config b/sshd_config
index 24c4e05..f20d812 100644
--- a/sshd_config
+++ b/sshd_config
@@ -1,4 +1,4 @@
-#	$OpenBSD: sshd_config,v 1.56 2002/06/20 23:37:12 markus Exp $
+#	$OpenBSD: sshd_config,v 1.57 2002/07/30 17:03:55 markus Exp $
 
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -81,6 +81,7 @@
 #KeepAlive yes
 #UseLogin no
 #UsePrivilegeSeparation yes
+#PermitUserEnvironment no
 #Compression yes
 
 #MaxStartups 10
diff --git a/sshd_config.5 b/sshd_config.5
index 6625865..f43b2bb 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.5 2002/07/09 17:46:25 stevesk Exp $
+.\" $OpenBSD: sshd_config.5,v 1.6 2002/07/30 17:03:55 markus Exp $
 .Dd September 25, 1999
 .Dt SSHD_CONFIG 5
 .Os
@@ -465,6 +465,21 @@
 If this option is set to
 .Dq no
 root is not allowed to login.
+.It Cm PermitUserEnvironment
+Specifies whether
+.Pa ~/.ssh/environment
+is read by
+.Nm sshd
+and whether
+.Cm environment=
+options in
+.Pa ~/.ssh/authorized_keys
+files are permitted.
+The default is
+.Dq no .
+This option is useful for locked-down installations where
+.Ev LD_PRELOAD
+and suchlike can cause security problems.
 .It Cm PidFile
 Specifies the file that contains the process ID of the
 .Nm sshd