diff options
Diffstat (limited to 'extra/rssh/env-breach.patch')
| -rw-r--r-- | extra/rssh/env-breach.patch | 228 |
1 files changed, 0 insertions, 228 deletions
diff --git a/extra/rssh/env-breach.patch b/extra/rssh/env-breach.patch deleted file mode 100644 index e9193c7bd..000000000 --- a/extra/rssh/env-breach.patch +++ /dev/null @@ -1,228 +0,0 @@ ---- rssh-2.3.3/main.c.in 2010-08-01 15:43:30.000000000 -0400 -+++ rssh-2.3.3/main.c.in 2012-05-11 16:44:39.000000000 -0400 -@@ -184,7 +184,7 @@ - * determine if the command in cmdline is acceptable to run, and store - * name of program to exec in cmd - */ -- if ( !(*cmd = check_command_line(cmdline, opts)) ) return NULL; -+ if ( !(*cmd = get_command(cmdline, opts)) ) return NULL; - - /* if we need to do chroot processing, do it */ - if ( opts->shell_flags & RSSH_USE_CHROOT ){ -@@ -252,7 +252,9 @@ - } - - /* return vector of pointers to command line arguments */ -- return build_arg_vector(cmdline, 0); -+ argvec = build_arg_vector(cmdline, 0); -+ if (check_command_line(argvec, opts)) return argvec; -+ else return NULL; - } - - void vers_info( void ) ---- rssh-2.3.3/util.c 2010-08-01 09:07:00.000000000 -0400 -+++ rssh-2.3.3/util.c 2012-05-11 16:43:10.000000000 -0400 -@@ -106,7 +106,7 @@ - /* print error message to user and log attempt */ - fprintf(stderr, "\nThis account is restricted by rssh.\n" - "%s\n\nIf you believe this is in error, please contact " -- "your system administrator.\n\n", cmd); -+ "your system administrator.\n\n", cmd); - if ( argc < 3 ) - log_msg("user %s attempted to log in with a shell", - username); -@@ -132,31 +132,35 @@ - */ - bool opt_exist(char *cl, char opt) - { -- int i = 0; -+ int i = 1; - int len; -- char *token; -- bool optstring = FALSE; -- - - len = strlen(cl); - - /* process command line character by character */ -- while ( i < (len - 2) ){ -- if ( cl[i] == ' ' || cl[i] == '\t' ){ -- if ( cl[i+1] == '-' ){ -- optstring = TRUE; -- i+=2; -- } -- } -- if ( cl[i] == opt && optstring ) return TRUE; -- if ( cl[i] == ' ' || cl[i] == '\t' || cl[i] == '-' ) -- optstring = FALSE; -+ if (!(cl[0] == '-')) return FALSE; -+ while ( i < (len) ){ -+ if ( cl[i] == opt ) return TRUE; - i++; - } - return FALSE; - } - - -+bool opt_filter(char **vec, const char opt) -+{ -+ while (vec && *vec){ -+ if (opt_exist(*vec, opt)){ -+ fprintf(stderr, "\nillegal insecure %c option", opt); -+ log_msg("insecure %c option in scp command line!", opt); -+ return TRUE; -+ } -+ vec++; -+ } -+ return FALSE; -+} -+ -+ - bool check_command( char *cl, ShellOptions_t *opts, char *cmd, int cmdflag ) - { - int cl_len; /* length of command line */ -@@ -186,69 +190,78 @@ - return FALSE; - } - -+ - /* - * check_command_line() - take the command line passed to rssh, and verify -- * that the specified command is one the user is -- * allowed to run. Return the path of the command -- * which will be run if it is ok, or return NULL if it -- * is not. -+ * that the specified command is one the user is -+ * allowed to run and validate the arguments. Return the -+ * path of the command which will be run if it is ok, or -+ * return NULL if it is not. - */ --char *check_command_line( char *cl, ShellOptions_t *opts ) -+char *check_command_line( char **cl, ShellOptions_t *opts ) - { - -- if ( check_command(cl, opts, PATH_SFTP_SERVER, RSSH_ALLOW_SFTP) ) -+ if ( check_command(*cl, opts, PATH_SFTP_SERVER, RSSH_ALLOW_SFTP) ) - return PATH_SFTP_SERVER; - -- if ( check_command(cl, opts, PATH_SCP, RSSH_ALLOW_SCP) ){ -+ if ( check_command(*cl, opts, PATH_SCP, RSSH_ALLOW_SCP) ){ - /* filter -S option */ -- if ( opt_exist(cl, 'S') ){ -- fprintf(stderr, "\ninsecure -S option not allowed."); -- log_msg("insecure -S option in scp command line!"); -- return NULL; -- } -+ if ( opt_filter(cl, 'S') ) return NULL; - return PATH_SCP; - } - -- if ( check_command(cl, opts, PATH_CVS, RSSH_ALLOW_CVS) ){ -- if ( opt_exist(cl, 'e') ){ -- fprintf(stderr, "\ninsecure -e option not allowed."); -- log_msg("insecure -e option in cvs command line!"); -- return NULL; -- } -+ if ( check_command(*cl, opts, PATH_CVS, RSSH_ALLOW_CVS) ){ -+ if ( opt_filter(cl, 'e') ) return NULL; - return PATH_CVS; - } - -- if ( check_command(cl, opts, PATH_RDIST, RSSH_ALLOW_RDIST) ){ -+ if ( check_command(*cl, opts, PATH_RDIST, RSSH_ALLOW_RDIST) ){ - /* filter -P option */ -- if ( opt_exist(cl, 'P') ){ -- fprintf(stderr, "\ninsecure -P option not allowed."); -- log_msg("insecure -P option in rdist command line!"); -- return NULL; -- } -+ if ( opt_filter(cl, 'P') ) return NULL; - return PATH_RDIST; - } - -- if ( check_command(cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){ -+ if ( check_command(*cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){ - /* filter -e option */ -- if ( opt_exist(cl, 'e') ){ -- fprintf(stderr, "\ninsecure -e option not allowed."); -- log_msg("insecure -e option in rdist command line!"); -- return NULL; -- } -- -- if ( strstr(cl, "--rsh=" ) ){ -- fprintf(stderr, "\ninsecure --rsh= not allowed."); -- log_msg("insecure --rsh option in rsync command line!"); -- return NULL; -+ if ( opt_filter(cl, 'e') ) return NULL; -+ while (cl && *cl){ -+ if ( strstr(*cl, "--rsh=" ) ){ -+ fprintf(stderr, "\ninsecure --rsh= not allowed."); -+ log_msg("insecure --rsh option in rsync command line!"); -+ return NULL; -+ } - } -- - return PATH_RSYNC; - } -+ /* No match, return NULL */ -+ return NULL; -+} -+ -+ -+/* -+ * get_command() - take the command line passed to rssh, and verify -+ * that the specified command is one the user is allowed to run. -+ * Return the path of the command which will be run if it is ok, -+ * or return NULL if it is not. -+ */ -+char *get_command( char *cl, ShellOptions_t *opts ) -+{ - -+ if ( check_command(cl, opts, PATH_SFTP_SERVER, RSSH_ALLOW_SFTP) ) -+ return PATH_SFTP_SERVER; -+ if ( check_command(cl, opts, PATH_SCP, RSSH_ALLOW_SCP) ) -+ return PATH_SCP; -+ if ( check_command(cl, opts, PATH_CVS, RSSH_ALLOW_CVS) ) -+ return PATH_CVS; -+ if ( check_command(cl, opts, PATH_RDIST, RSSH_ALLOW_RDIST) ) -+ return PATH_RDIST; -+ if ( check_command(cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ) -+ return PATH_RSYNC; - return NULL; - } - - -+ - /* - * extract_root() - takes a root directory and the full path to some other - * directory, and returns a pointer to a string which -@@ -264,7 +277,7 @@ - len = strlen(root); - /* get rid of a trailing / from the root path */ - if ( root[len - 1] == '/' ){ -- root[len - 1] = '\0'; -+ root[len - 1] = '\0'; - len--; - } - if ( (strncmp(root, path, len)) ) return NULL; -@@ -309,7 +322,7 @@ - * same name, and returns FALSE if the bits are not valid - */ - int validate_access( const char *temp, bool *allow_sftp, bool *allow_scp, -- bool *allow_cvs, bool *allow_rdist, bool *allow_rsync ) -+ bool *allow_cvs, bool *allow_rdist, bool *allow_rsync ) - { - int i; - ---- rssh-2.3.3/util.h 2006-12-21 17:22:38.000000000 -0500 -+++ rssh-2.3.3/util.h 2012-05-11 16:21:12.000000000 -0400 -@@ -33,7 +33,8 @@ - #include "rsshconf.h" - - void fail( int flags, int argc, char **argv ); --char *check_command_line( char *cl, ShellOptions_t *opts ); -+char *check_command_line( char **cl, ShellOptions_t *opts ); -+char *get_command( char *cl, ShellOptions_t *opts); - char *extract_root( char *root, char *path ); - int validate_umask( const char *temp, int *mask ); - int validate_access( const char *temp, bool *allow_sftp, bool *allow_scp, |