Andrew Bartlett
2001-Mar-17 03:14 UTC
sshd executes ~/.ssh/sshrc without using user's shell
I am considering allowing (relitivly) untrusted local users onto my fileserver, so they can use SFTP to access their home directories. I have a custom shell, (a taint-mode enabled perl script) that allows users to change their password, which I have modifed to only allow a '-c' command for the sftp-server. I have also disabled TCP port forwarding. However, some reading of the OpenSSH code suggests that, while most commands sshd excutes use the users login shell, the popen call for .ssh/sshrc does not. (session.c:1342 and there-abouts). Is this an issue? Or do I have bigger things to worry about? Thanks, Andrew Bartlett -- Andrew Bartlett abartlet at pcug.org.au
On Sat, Mar 17, 2001 at 02:14:22PM +1100, Andrew Bartlett wrote:> I am considering allowing (relitivly) untrusted local users onto my > fileserver, so they can use SFTP to access their home directories. > > I have a custom shell, (a taint-mode enabled perl script) that allows > users to change their password, which I have modifed to only allow a > '-c' command for the sftp-server. > > I have also disabled TCP port forwarding. However, some reading of the > OpenSSH code suggests that, while most commands sshd excutes use the > users login shell, the popen call for .ssh/sshrc does not. > (session.c:1342 and there-abouts). > > Is this an issue?yes. in the future, subsystems will probably ignore this file.> Or do I have bigger things to worry about?nothing that i can think of.