Commit f4a0aaa9 authored by Niels Möller's avatar Niels Möller
Browse files

* src/lshd-userauth.c (main): Display a warning if the name of the

lshd-connectiion executable doesn't start with a "/".
(canonicalize_file_name): Deleted function, reverting earlier
change.
(start_service): For simplicity, removed special handling of
relative file names and the canonicalize_file_name call. If user
insists on using a relative file name, it will be interpreted
relative to the logged in user's home directory.

Rev: src/lshd-userauth.c:1.4
parent 0956870e
......@@ -536,50 +536,6 @@ format_env_pair(const char *name, const char *value)
return lsh_get_cstring(ssh_format("%lz=%lz", name, value));
}
#if !HAVE_CANONICALIZE_FILE_NAME
/* NOTE: This is a best effort function. It's really not possible to
use realpath in a safe and robust way. This function is used only
for the name of the service executable, from the configuration file
or the LSHD_CONNECTION environment variable, not on any names
supplied by the remote user. */
/* FIXME: Some alternatives: Use getcwd and catenate cwd "/" name. Or
refuse to handle absolute filenames at all? */
static char *
canonicalize_file_name (const char *name)
{
char *res;
long path_max; /* Must use a signed type, to check for errors from pathconf */
#ifdef PATH_MAX
path_max = PATH_MAX;
#else
path_max = pathconf (path, _PC_PATH_MAX);
if (path_max <= 0)
path_max = 4096;
#endif
res = malloc(path_max + 1);
if (!res)
return NULL;
/* To ensure NUL-termination, and to try to detect buffer overruns
by realpath. */
res[path_max] = '\0';
if (!realpath(name, res))
{
free(res);
return NULL;
}
if (res[path_max])
fatal("realpath overwriting it's buffer!\n");
return res;
}
#endif /* !HAVE_CANONICALIZE_FILE_NAME */
/* Change persona, set up new environment, change directory, and exec
the service process. */
static void
......@@ -618,14 +574,6 @@ start_service(struct lshd_user *user, char **argv)
assert(i <= ENV_MAX);
/* To allow for a relative path, even when we cd to $HOME. */
argv[0] = (argv[0][0] == '/' ? argv[0] : canonicalize_file_name(argv[0]));
if (!argv[0])
{
werror("start_service: canonicalize_file_name failed: %e\n", errno);
service_error("Failed to start service process");
}
if (user->uid != getuid())
{
if (initgroups(cname, user->gid) < 0)
......@@ -676,6 +624,8 @@ start_service(struct lshd_user *user, char **argv)
Can we require that the login-shell is posix-style?
*/
/* NOTE: Any relative PATH in argv[0] will be interpreted relative
to the user's home directory. */
execve(argv[0], (char **) argv, (char **) env);
werror("start_service: exec failed: %e.", errno);
......@@ -835,6 +785,10 @@ main(int argc, char **argv)
char buf[10];
GET_FILE_ENV(args[0], LSHD_CONNECTION);
if (args[0][0] != '/')
werror("Using a relative filename `%z'.\n", args[0]);
if (helper_fd != -1)
{
snprintf(buf, sizeof(buf)-1, "%d", helper_fd);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment