running ~/.ssh/rc doesn't use user's shell or file's interpreter (Security issue?)
I have an rc script and ran across what appears to be a bug.

In the rc script, I have the start line:
#!/bin/bash, as well as it seems to ignore the user's shell.

While one might argue that 'rc' is not executed, but sourced,
at the very least it seems it should use the user's listed
shell.

If I have a user setup with 'rbash', 'rsh', for example,
ssh would seem to ignore that and use /bin/sh.


_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: running ~/.ssh/rc doesn't use user's shell or file's interpreter (Security issue?)
On Tue, 3 Sep 2019, L A Walsh wrote:

> I have an rc script and ran across what appears to be a bug.
>
> In the rc script, I have the start line:
> #!/bin/bash, as well as it seems to ignore the user's shell.
>
> While one might argue that 'rc' is not executed, but sourced,
> at the very least it seems it should use the user's listed
> shell.
>
> If I have a user setup with 'rbash', 'rsh', for example,
> ssh would seem to ignore that and use /bin/sh.

The user rc file is actually run using the user's shell since 2001, though
indirectly:

> snprintf(cmd, sizeof cmd, "%s -c '%s %s'",
>     shell, _PATH_BSHELL, _PATH_SSH_USER_RC);
> f = popen(cmd, "w");

So restricted shells do have a chance to intervene.

I don't think it would be possible to change how this is executed as doing
so would potentially break a bunch of working setups in difficult to debug
ways.

-d
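An added illustration of the mechanism described in the reply (example code, not from the thread or from OpenSSH itself): it builds the same `<login shell> -c '/bin/sh .ssh/rc'` string that the snprintf() above forms, assuming _PATH_BSHELL is /bin/sh, _PATH_SSH_USER_RC is .ssh/rc, and that sshd has already changed into the user's home directory, then runs it once under an unrestricted login shell and once under `bash -r` (rbash). The rc's own `#!/bin/bash` line never matters, since the file is passed to /bin/sh as an argument, while a restricted login shell refuses the slash-containing command name and the rc never runs.

```shell
#!/bin/sh
# Added example, not sshd code. sshd's do_rc_files() runs ~/.ssh/rc as
#     <login shell> -c '<_PATH_BSHELL> <_PATH_SSH_USER_RC>'
# via popen(), after chdir() into the home directory. The two values below
# are assumed to match OpenSSH's pathnames.h / paths.h.
BSHELL=/bin/sh
USER_RC=.ssh/rc

# make_fake_home: create a constructed, throwaway "home" whose .ssh/rc
# records that it ran. The #!/bin/bash line is deliberately present: it is
# ignored, because /bin/sh interprets the file; it is never exec'd directly.
make_fake_home() {
    home=$(mktemp -d)
    mkdir -p "$home/.ssh"
    cat > "$home/.ssh/rc" <<'EOF'
#!/bin/bash
echo "rc ran, argv0=$0" > ran.txt
EOF
    chmod 600 "$home/.ssh/rc"
    printf '%s\n' "$home"
}

# run_user_rc <login shell> <home>: mimic sshd's popen() of the rc command
# string; returns the exit status of the login shell.
run_user_rc() {
    shell=$1; home=$2
    cmd="$shell -c '$BSHELL $USER_RC'"   # same shape as the snprintf() format
    (cd "$home" && eval "$cmd")
}

# rc_ran <home>: did the rc actually execute?
rc_ran() { [ -f "$1/ran.txt" ]; }

# Case 1: ordinary login shell -> the rc runs under /bin/sh.
home1=$(make_fake_home)
if run_user_rc /bin/sh "$home1"; then echo "unrestricted: $(cat "$home1/ran.txt")"; fi

# Case 2: restricted login shell (bash -r is rbash) -> bash rejects a command
# name containing '/', so /bin/sh is never started and the rc never runs.
# This is the "chance to intervene" the reply refers to.
home2=$(make_fake_home)
if run_user_rc "bash -r" "$home2"; then
    echo "restricted: rc ran (unexpected)"
else
    echo "restricted: login shell refused the command; rc ran: $(rc_ran "$home2" && echo yes || echo no)"
fi
```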