search for: _path_bshell

Hi all, while _PATH_BSHELL is defined in "defines.h", there are two sources which uses /bin/sh _hardcoded_. Shouldn't that changed to _PATH_BSHELL, too? session.c:1065: f = popen("/bin/sh " SSH_USER_RC, "w"); session.c:1076: f = popen("/bin/sh " SSH_SYSTEM_RC, &quo...

#ssh -V OpenSSH_5.1p1, OpenSSL 0.9.8i 15 Sep 2008 Probably is not a real issue, because everyone should have its SHELL var defined, but as said above, when it's not, ssh with ProxyCommand will fail. I use connect.c, but with no SHELL var defined is not executed, ssh -v will give "No such file", and I'm pretty sure it refers to the shell, I read in ChangeLog that now ProxyCommand

.../* WITH_AIXAUTHENTICATE */ @@ -1129,8 +1130,9 @@ if (!pw) return 0; - /* deny if shell does not exists or is not executable */ - if (stat(pw->pw_shell, &st) != 0) + /* deny if shell is not executable, empty shell defaults to /bin/sh */ + shell = pw->pw_shell[0] ? pw->pw_shell : _PATH_BSHELL; + if (stat(shell, &st) != 0) return 0; if (!((st.st_mode & S_IFREG) && (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)))) return 0;

...s no way to run commands with anything other than the user's password shell, it really needs to do so. A simple patch would be to session.c, @ line 1746 : /* * Get the shell from the password data. An empty shell field is * legal, and means /bin/sh. */ shell = (pw->pw_shell[0] == 0) ? _PATH_BSHELL : pw->pw_shell; One could do something like: char *sh; if ( (sh=getenv("SSH_SHELL") )!= NULL ) shell = sh; else shell = (pw->pw_shell[0] == 0) ? _PATH_BSHELL : pw->pw_shell; Or provide some configuration option - this would probably have to be...

...exec/ssh-keysign\" -D_PATH_SSH_PIDDIR=\"/etc\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DSSH_RAND_HELPER=\"/usr/local/encap/openssh-4.4p1/libexec/ssh-rand-helper\" -DHAVE_CONFIG_H -c readpass.c "/usr/include/paths.h", line 50.9: 1506-213 (S) Macro name _PATH_BSHELL cannot be redefined. "/usr/include/paths.h", line 50.9: 1506-358 (I) "_PATH_BSHELL" is defined on line 322 of defines.h. "/usr/include/paths.h", line 52.9: 1506-213 (S) Macro name _PATH_CSHELL cannot be redefined. "/usr/include/paths.h", line 52.9: 1506-358 (...

...v[0], file, argv[1], ..., NULL }) > > is not being done. Instead, the following is done: > > execv(<shell path>, { <shell path>, file, argv[1], ..., NULL }) > > In other words, the original argv[0] is not preserved, but is replaced by <shell path>. (Look for _PATH_BSHELL in said historical glibc commit, and also in today's glibc file "posix/execvpe.c".) Aside - what a funny filename, since execvpe() is a glibc extension not in POSIX ;) I've now filed a bug report to the Austin Group: https://www.austingroupbugs.net/view.php?id=1645 And while res...

...>pw_uid || geteuid() != pw->pw_uid) fatal("Failed to set uids to %d.", (int) pw->pw_uid); +#endif /* LOGIN_CAP */ } /* * Get the shell from the password data. An empty shell field is * legal, and means /bin/sh. */ + shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell; #ifdef LOGIN_CAP - shell = pw->pw_shell; shell = login_getcapstr(lc, "shell", shell, shell); - if (shell[0] == '\0') - shell = _PATH_BSHELL; -#else /* LOGIN_CAP */ - shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell; #endif /*...

...all the changes against OpenSSH_2.9p2 in case anybody else on the list wants to try it. - Dave Dykstra -------------- next part -------------- *** auth.c.O Mon Jun 18 09:31:58 2001 --- auth.c Mon Jun 18 09:35:08 2001 *************** *** 68,83 **** shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell; /* deny if shell does not exists or is not executable */ ! if (stat(shell, &st) != 0) return 0; ! if (!((st.st_mode & S_IFREG) && (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)))) return 0; /* Return false if user is listed in DenyUsers */ if...

...xecv(<shell path>, { argv[0], file, argv[1], ..., NULL }) is not being done. Instead, the following is done: execv(<shell path>, { <shell path>, file, argv[1], ..., NULL }) In other words, the original argv[0] is not preserved, but is replaced by <shell path>. (Look for _PATH_BSHELL in said historical glibc commit, and also in today's glibc file "posix/execvpe.c".) This can be demonstrated with: $ PATH=.:$PATH strace -etrace=execve test-execvp execve("./test-execvp", ["test-execvp"], 0x7ffc0d1e5248 /* 85 vars */) = 0 execve("./hello.sh...

Hello, My usage of ProxyCommand just calls the nc utility with various parameters. That in turn after the initial setup just copies copies the data from the network socket to stdin/stdout. This useless coping can be avoided if ssh has an option to receive the socket from the proxy command. I suppose it can improve network error reporting as ssh would talk directly to the network socket rather

...E # else # define _PATH_UTMP "/var/adm/utmp" # endif # endif #endif #ifndef _PATH_WTMP # ifdef WTMPX_FILE # define _PATH_WTMP WTMPX_FILE # else # ifdef WTMP_FILE # define _PATH_WTMP WTMP_FILE # else # define _PATH_WTMP "/var/adm/wtmp" # endif # endif #endif #ifndef _PATH_BSHELL # define _PATH_BSHELL "/bin/sh" #endif #ifndef _PATH_STDPATH # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin:" #endif #ifndef _PATH_DEVNULL # define _PATH_DEVNULL "/dev/null" #endif #ifndef _PATH_MAILDIR # ifdef MAILDIR # define _PATH_MAILDIR MAILDIR # endif...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 openssh-1.2.1pre20 has been released at: http://violet.ibs.com.au/openssh/files/ This release integrates more of Andre Lucas' portability patch, Ben Taylor's utmpx patch and some cleanups and bugfixes of my own. The auth-passwd failures should be fixed, as should lastlog support on NetBSD. Since Andre Lucas' patch included platform

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 openssh-1.2.1pre20 has been released at: http://violet.ibs.com.au/openssh/files/ This release integrates more of Andre Lucas' portability patch, Ben Taylor's utmpx patch and some cleanups and bugfixes of my own. The auth-passwd failures should be fixed, as should lastlog support on NetBSD. Since Andre Lucas' patch included platform

...*loginmsg; #endif /* WITH_AIXAUTHENTICATE */ @@ -1129,8 +1130,9 @@ if (!pw) return 0; - /* deny if shell does not exists or is not executable */ - if (stat(pw->pw_shell, &st) != 0) + /* deny if shell is not executable, empty shell defaults to /bin/sh */ + shell = pw->pw_shell[0] ? _PATH_BSHELL : pw->pw_shell; + if (stat(shell, &st) != 0) return 0; if (!((st.st_mode & S_IFREG) && (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)))) return 0;

...E */ @@ -1130,7 +1131,12 @@ return 0; /* deny if shell does not exists or is not executable */ - if (stat(pw->pw_shell, &st) != 0) + /* first make sure that "" == "/bin/sh", as specified in passwd(5) */ + if (!pw->pw_shell || !strlen(pw->pw_shell)) + shell = _PATH_BSHELL; + else + shell = pw->pw_shell; + if (stat(shell, &st) != 0) return 0; if (!((st.st_mode & S_IFREG) && (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)))) return 0; -- vsync http://quadium.net/ Orjner.

...s. The sshd currently missbehaves, it sets the SHELL to the program it actually executes. Fix: --- ssh/session.c.orig2 Sat Dec 7 07:48:46 2002 +++ ssh/session.c Sat Dec 7 07:57:16 2002 @@ -1325,11 +1325,19 @@ * legal, and means /bin/sh. */ shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell; + + /* Set up the environment for child */ + env = do_setup_env(s, shell); + + /* + * The shell specifed in login class overrides the shell in passwd, + * but, according to the login.conf(5), the SHELL env variable must + * contain the value from passwd, so we do this *after*...

> > On Mar 22, 2008, at 3:32 PM, Chris Wilson wrote: > > > >> As I understand the "ForceCommand" in the sshd_confing file is meant to > >> ignore any command supplied by the client, but if user's home is shared > >> by server and client machines over network (ex. NFS) then user can > >> still put something else into ~/.ssh/rc file and

...ssh-2.9p2_forceshell/session.c Wed Oct 3 09:58:44 2001 @@ -1195,7 +1195,12 @@ * Get the shell from the password data. An empty shell field is * legal, and means /bin/sh. */ + if(forced_shell != NULL) { + shell = forced_shell; + } + else { shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell; + } #ifdef HAVE_LOGIN_CAP shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell); #endif -------------- next part -------------- #!/usr/bin/perl # Changes root to APPROOT as current user and runs given command or bash # -Don Mahurin my(@command) = @ARGV...

Hi, The 4.4p1 release is approaching now, so we are now asking people to actively test snapshots or CVS and report back to the mailing list. Snapshots are available from http://www.mindrot.org/openssh_snap or from any of the mirrors listed on http://www.openssh.org/portable.html The latter page also includes instructions for checking out portable OpenSSH via anonymous CVS. This release

Hi Damien, I noticed you merged a couple of ifdefs in the fix for bug #442. The cvs comment says "Fix Bug #442 for PAM case". The code is now roughly: #if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) spw = getspnam(pw->pw_name); passwd = spw->sp_pwdp; #else passwd =