authorRene Ladan <rene@FreeBSD.org>2019-06-13 08:31:30 +0000
committerRene Ladan <rene@FreeBSD.org>2019-06-13 08:31:30 +0000
commit27467122ded598481c92909e49dd97b13b7edac1 (patch)
treed99ac7c420ed709c20b48f29963468d8f64cd928 /shells
parent6bd0af0f28704b03983b852e36c139eef6bf4c0f (diff)
Notes
Diffstat (limited to 'shells')
-rw-r--r--shells/Makefile1
-rw-r--r--shells/rssh/Makefile37
-rw-r--r--shells/rssh/distinfo2
-rw-r--r--shells/rssh/files/optional-patch-util.c122
-rw-r--r--shells/rssh/files/patch-log.c22
-rw-r--r--shells/rssh/files/patch-rssh__chroot__helper.c29
-rw-r--r--shells/rssh/files/patch-rsshconf.c368
-rw-r--r--shells/rssh/files/patch-util.c105
-rw-r--r--shells/rssh/pkg-descr6
-rw-r--r--shells/rssh/pkg-plist5
10 files changed, 0 insertions, 697 deletions
diff --git a/shells/Makefile b/shells/Makefile
index 3324c1e35489..bd83878b7093 100644
--- a/shells/Makefile
+++ b/shells/Makefile
@@ -41,7 +41,6 @@
SUBDIR += pear-PHP_Shell
SUBDIR += psh
SUBDIR += rc
- SUBDIR += rssh
SUBDIR += rush
SUBDIR += sash
SUBDIR += scponly
diff --git a/shells/rssh/Makefile b/shells/rssh/Makefile
deleted file mode 100644
index ca034aab6c4b..000000000000
--- a/shells/rssh/Makefile
+++ /dev/null
@@ -1,37 +0,0 @@
-# Created by: enigmatyc
-# $FreeBSD$
-
-PORTNAME= rssh
-PORTVERSION= 2.3.4
-PORTREVISION= 2
-CATEGORIES= shells security
-MASTER_SITES= SF
-
-MAINTAINER= jharris@widomaker.com
-COMMENT= Restricted Secure SHell only for sftp/scp/rdist/rsync/CVS
-
-LICENSE= BSD2CLAUSE
-LICENSE_FILE= ${WRKSRC}/LICENSE
-
-DEPRECATED= Abandoned by upstream
-EXPIRATION_DATE= 2019-06-11
-
-GNU_CONFIGURE= yes
-
-USES= cpe
-CPE_VENDOR= pizzashack
-USE_CSTD= gnu89
-OPTIONS_DEFINE= RDIST RSYNC3
-RDIST_DESC= rdist support
-RDIST_RUN_DEPENDS= rdist6:net/rdist6
-RDIST_CONFIGURE_ON= --with-rdist=${LOCALBASE}/bin/rdist6
-
-RSYNC3_DESC= rsync3 support (Debian patch)
-RSYNC3_EXTRA_PATCHES= ${FILESDIR}/optional-patch-util.c
-
-post-patch:
- @${REINPLACE_CMD} -E -e 's,(\$$\(DESTDIR\)\$$\(sysconfdir\)/\$$\$$f),\1.dist,g' \
- -e 's,u\+s ,u+s $$\(DESTDIR\),g' \
- ${WRKSRC}/Makefile.in
-
-.include <bsd.port.mk>
diff --git a/shells/rssh/distinfo b/shells/rssh/distinfo
deleted file mode 100644
index cbf14724514d..000000000000
--- a/shells/rssh/distinfo
+++ /dev/null
@@ -1,2 +0,0 @@
-SHA256 (rssh-2.3.4.tar.gz) = f30c6a760918a0ed39cf9e49a49a76cb309d7ef1c25a66e77a41e2b1d0b40cd9
-SIZE (rssh-2.3.4.tar.gz) = 113315
diff --git a/shells/rssh/files/optional-patch-util.c b/shells/rssh/files/optional-patch-util.c
deleted file mode 100644
index 146e48f1d33b..000000000000
--- a/shells/rssh/files/optional-patch-util.c
+++ /dev/null
@@ -1,122 +0,0 @@
-Verifies the command line options for rysnc. This is an updated version that
-tightens the argument checking and requires to run rsync in server mode.
-Taken from Debian ("0007-Verify-rsync-command-options").
---- util.c.orig 2012-11-27 01:14:49 UTC
-+++ util.c
-@@ -56,6 +56,7 @@
- #ifdef HAVE_LIBGEN_H
- #include <libgen.h>
- #endif /* HAVE_LIBGEN_H */
-+#include <regex.h>
-
- /* LOCAL INCLUDES */
- #include "pathnames.h"
-@@ -198,6 +199,71 @@ bool check_command( char *cl, ShellOptions_t *opts, ch
-
-
- /*
-+ * rsync_okay() - require --server on all rsh command lines, check that -e
-+ * contains only protocol information, and reject any --rsh,
-+ * --config, or --daemon option. Returns FALSE if the command
-+ * line should not be allowed, TRUE if it is okay.
-+ */
-+static int rsync_okay( char **vec )
-+{
-+ regex_t re;
-+ int server = FALSE;
-+ int e_found = FALSE;
-+
-+ /*
-+ * rsync will send -e, followed by either just "." (meaning no special
-+ * protocol) or "N.N" (meaning a pre-release protocol version),
-+ * followed by some number of alphabetic flags indicating various
-+ * supported options. There may be other options between - and the e,
-+ * but -e will always be the last option in the string. A typical
-+ * option passed by the client is "-ltpre.iL".
-+ *
-+ * Note that if --server is given, this should never be parsed as a
-+ * shell, but we'll tightly verify it anyway, just in case.
-+ *
-+ * This regex matches the acceptable flags containing -e, so if it
-+ * does not match, the command line should be rejected.
-+ */
-+ static const char pattern[]
-+ = "^-[a-df-zA-Z]*e[0-9]*\\.[0-9]*[a-zA-Z]*$";
-+
-+ /*
-+ * Only recognize --server if it's the first option. rsync itself
-+ * always passes it that way, and if it's not the first argument, it
-+ * could be hidden from the server as an argument to some other
-+ * option.
-+ */
-+ if ( !(vec && vec[0] && vec[1] && strcmp(vec[1], "--server") == 0) )
-+ return FALSE;
-+
-+ /* Check the remaining options for -e or --rsh. */
-+ if ( regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0 ){
-+ return FALSE;
-+ }
-+ while (vec && *vec){
-+ if ( strcmp(*vec, "--rsh") == 0
-+ || strcmp(*vec, "--daemon") == 0
-+ || strcmp(*vec, "--config") == 0
-+ || strncmp(*vec, "--rsh=", strlen("--rsh=")) == 0
-+ || strncmp(*vec, "--config=", strlen("--config=")) == 0 ){
-+ regfree(&re);
-+ return FALSE;
-+ }
-+ if ( strncmp(*vec, "--", 2) != 0 && opt_exist(*vec, 'e') ){
-+ e_found = TRUE;
-+ if ( regexec(&re, *vec, 0, NULL, 0) != 0 ){
-+ regfree(&re);
-+ return FALSE;
-+ }
-+ }
-+ vec++;
-+ }
-+ regfree(&re);
-+ return TRUE;
-+}
-+
-+
-+/*
- * check_command_line() - take the command line passed to rssh, and verify
- * that the specified command is one the user is
- * allowed to run and validate the arguments. Return the
-@@ -229,16 +295,27 @@ char *check_command_line( char **cl, ShellOptions_t *o
- }
-
- if ( check_command(*cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){
-- /* filter -e option */
-- if ( opt_filter(cl, 'e') ) return NULL;
-- while (cl && *cl){
-- if ( strstr(*cl, "--rsh" ) ){
-- fprintf(stderr, "\ninsecure --rsh= not allowed.");
-- log_msg("insecure --rsh option in rsync command line!");
-- return NULL;
-- }
-- cl++;
-+ if ( !rsync_okay(cl) ){
-+ fprintf(stderr, "\ninsecure rsync options not allowed.");
-+ log_msg("insecure rsync options in rsync command line!");
-+ return NULL;
- }
-+
-+ /*
-+ * rsync is linked with popt, which recognizes a configuration
-+ * file ~/.popt that can, among other things, define aliases.
-+ * If someone can write to the home directory of the rssh
-+ * user, they can upload a ~/.popt file that contains
-+ * something like "rsync alias --server --rsh" and then
-+ * execute commands they upload. popt does not try to read
-+ * its configuration file if HOME is not set, so unset HOME to
-+ * disable this behavior.
-+ */
-+ if ( unsetenv("HOME") < 0 ){
-+ log_msg("cannot unsetenv() HOME");
-+ return NULL;
-+ }
-+
- return PATH_RSYNC;
- }
- /* No match, return NULL */
diff --git a/shells/rssh/files/patch-log.c b/shells/rssh/files/patch-log.c
deleted file mode 100644
index 515c4a50b142..000000000000
--- a/shells/rssh/files/patch-log.c
+++ /dev/null
@@ -1,22 +0,0 @@
-Workaround for basename(3) that is POSIX compliant since r308264 in FreeBSD 12
---- log.c.orig 2012-11-27 00:25:13 UTC
-+++ log.c
-@@ -93,10 +93,14 @@ char *log_make_ident( const char *name )
- }
- /* assign new value to ident from name */
- if ( !name ) return (ident = NULL);
-- ident = strdup(basename((char*)name));
-- /* remove leading '-' from ident, if there is one */
-- if ( ident[0] == '-' ){
-- temp = strdup(ident + 1);
-+ /* clone name in case basename() is POSIX-compliant */
-+ temp = strdup ((char *) name);
-+ /* always pass writeable string to basename() */
-+ ident = strdup (basename (temp));
-+ free (temp);
-+ /* safely remove leading '-' from ident, if there is one */
-+ if ((ident != NULL) && (ident[0] == '-')){
-+ temp = strdup(&ident[1]);
- free(ident);
- ident = temp;
- }
diff --git a/shells/rssh/files/patch-rssh__chroot__helper.c b/shells/rssh/files/patch-rssh__chroot__helper.c
deleted file mode 100644
index 6688588aba9c..000000000000
--- a/shells/rssh/files/patch-rssh__chroot__helper.c
+++ /dev/null
@@ -1,29 +0,0 @@
-Workaround for basename(3) that is POSIX compliant since r308264 in FreeBSD 12
-
-Incorporates also a patch to check the command line after chroot. Taken from
-Debian ("0010-Check-command-line-after-chroot.patch")
-
---- rssh_chroot_helper.c.orig 2006-12-21 22:22:35 UTC
-+++ rssh_chroot_helper.c
-@@ -159,7 +159,7 @@ int main( int argc, char **argv )
- opts.chroot_path = NULL;
-
- /* figure out our name, and give it to the log module */
-- progname = strdup(log_make_ident(basename(argv[0])));
-+ progname = strdup(log_make_ident(basename(strdup (argv[0]))));
-
- /* get user's passwd info */
- if ( (temp = getpwuid(getuid())) ){
-@@ -217,6 +217,12 @@ int main( int argc, char **argv )
- if ( !(argvec = build_arg_vector(argv[2], 0)) )
- ch_fatal_error("build_arg_vector()", argv[2],
- "bad expansion");
-+
-+ /* check the command for safety */
-+ if ( !check_command_line(argvec, &opts) ){
-+ fprintf(stderr, "\n");
-+ exit(1);
-+ }
-
- /*
- * This is the old way to figure out what program to run. Since we're
diff --git a/shells/rssh/files/patch-rsshconf.c b/shells/rssh/files/patch-rsshconf.c
deleted file mode 100644
index 7c9f8e989564..000000000000
--- a/shells/rssh/files/patch-rsshconf.c
+++ /dev/null
@@ -1,368 +0,0 @@
---- ./rsshconf.c.orig 2012-11-27 01:33:27.000000000 +0100
-+++ ./rsshconf.c 2013-12-27 09:57:15.000000000 +0100
-@@ -78,7 +78,7 @@
- NULL
- };
-
--int log=0;
-+int rsshlog=0;
-
- /* flag to tell config parser to stop processing config file */
- static bool got_user_config = FALSE;
-@@ -132,11 +132,11 @@
- int status = TRUE; /* were all the cfg lines good? */
- char line[CFG_LINE_LEN + 1]; /* buffer to hold region */
-
-- log = do_log;
-+ rsshlog = do_log;
- memset(line, 0, CFG_LINE_LEN + 1);
- cfg_file = fopen(filename, "r");
- if (!cfg_file) {
-- if (log){
-+ if (rsshlog){
- log_set_priority(LOG_WARNING);
- log_msg("config file (%s) missing, using defaults",
- filename);
-@@ -174,7 +174,7 @@
- *newline = '\0';
- else {
- /* there is no newline - log the error and find the EOL */
-- if (log){
-+ if (rsshlog){
- log_set_priority(LOG_ERR);
- log_msg("line %d: line too long", lineno);
- }
-@@ -241,12 +241,12 @@
- return TRUE;
- default:
- /* the keyword is unknown */
-- if (log){
-+ if (rsshlog){
- log_set_priority(LOG_ERR);
- log_msg("line %d: syntax error parsing config file",
- lineno);
- }
-- if ( keywrd[0] && log )
-+ if ( keywrd[0] && rsshlog )
- log_msg("unknown keyword: %s", keywrd);
- return FALSE;
- }
-@@ -330,7 +330,7 @@
- /* initialize strings and pointers */
- memset(buf, 0, buflen);
- if ( !(copy = strdup(str)) ){
-- if (log){
-+ if (rsshlog){
- log_set_priority(LOG_ERR);
- log_msg("OOM error in get_token() (fatal)");
- }
-@@ -433,11 +433,11 @@
- const int lineno )
- {
- if ( !eat_comment(line) ){
-- if (log) log_msg("line %d: syntax error parsing config file",
-+ if (rsshlog) log_msg("line %d: syntax error parsing config file",
- lineno);
- return FALSE;
- }
-- if (log){
-+ if (rsshlog){
- log_set_priority(LOG_INFO);
- log_msg("allowing scp to all users");
- }
-@@ -460,11 +460,11 @@
- int pos;
-
- if ( !(pos = eat_comment(line)) ){
-- if (log) log_msg("line %d: syntax error parsing config file",
-+ if (rsshlog) log_msg("line %d: syntax error parsing config file",
- lineno);
- return FALSE;
- }
-- if (log){
-+ if (rsshlog){
- log_set_priority(LOG_INFO);
- log_msg("allowing sftp to all users");
- }
-@@ -488,11 +488,11 @@
- int pos;
-
- if ( !(pos = eat_comment(line)) ){
-- if (log) log_msg("line %d: syntax error parsing config file",
-+ if (rsshlog) log_msg("line %d: syntax error parsing config file",
- lineno);
- return FALSE;
- }
-- if (log){
-+ if (rsshlog){
- log_set_priority(LOG_INFO);
- log_msg("allowing cvs to all users");
- }
-@@ -516,12 +516,12 @@
- int pos;
-
- if ( !(pos = eat_comment(line)) ){
-- if (log) log_msg("line %d: syntax error parsing config file",
-+ if (rsshlog) log_msg("line %d: syntax error parsing config file",
- lineno);
- return FALSE;
- }
- log_set_priority(LOG_INFO);
-- if (log){
-+ if (rsshlog){
- log_msg("allowing rdist to all users");
- opts->shell_flags |= RSSH_ALLOW_RDIST;
- }
-@@ -544,11 +544,11 @@
- int pos;
-
- if ( !(pos = eat_comment(line)) ){
-- if (log) log_msg("line %d: syntax error parsing config file",
-+ if (rsshlog) log_msg("line %d: syntax error parsing config file",
- lineno);
- return FALSE;
- }
-- if (log){
-+ if (rsshlog){
- log_set_priority(LOG_INFO);
- log_msg("allowing rsync to all users");
- }
-@@ -573,7 +573,7 @@
- */
-
- if ( !(temp = (char *)malloc(CFG_LINE_LEN + 1)) ){
-- if (log) log_msg("fatal error: can't allocate space for chroot path");
-+ if (rsshlog) log_msg("fatal error: can't allocate space for chroot path");
- exit(1);
- }
- /* get_asgn_param() eats trailing comments, so we won't */
-@@ -584,7 +584,7 @@
-
- /* get rid of any old value for chroot path, assign new one */
- if ( opts->chroot_path ) free(opts->chroot_path);
-- if (log){
-+ if (rsshlog){
- log_set_priority(LOG_INFO);
- log_msg("chrooting all users to %s", temp);
- }
-@@ -605,7 +605,7 @@
- int pos;
-
- if ( !(temp = (char *)malloc(CFG_LINE_LEN + 1)) ){
-- if (log){
-+ if (rsshlog){
- log_set_priority(LOG_ERR);
- log_msg("fatal error: can't allocate space for log facility");
- }
-@@ -778,17 +778,17 @@
-
- free(temp);
- if ( !eat_comment(line + pos) ){
-- if (log) log_msg("line %d: syntax error parsing config file",
-+ if (rsshlog) log_msg("line %d: syntax error parsing config file",
- lineno);
- return FALSE;
- }
- if ( facname ){
- log_set_priority(LOG_INFO);
-- if (log) log_msg("setting log facility to %s", facname);
-+ if (rsshlog) log_msg("setting log facility to %s", facname);
- log_set_facility(fac);
- return TRUE;
- }
-- if (log){
-+ if (rsshlog){
- log_msg("line %d: unknown log facility specified", lineno);
- log_set_facility(LOG_USER);
- }
-@@ -804,7 +804,7 @@
- int mask; /* umask */
-
- if ( !(temp = (char *)malloc(CFG_LINE_LEN + 1)) ){
-- if (log){
-+ if (rsshlog){
- log_set_priority(LOG_ERR);
- log_msg("fatal error: can't allocate space in process_umask()");
- }
-@@ -818,7 +818,7 @@
-
- /* convert the umask to a number */
- if ( !validate_umask(temp, &mask) ){
-- if (log){
-+ if (rsshlog){
- log_set_priority(LOG_WARNING);
- log_msg("line %d: invalid umask specified, using default 077",
- lineno);
-@@ -827,7 +827,7 @@
- free(temp);
- return FALSE;
- }
-- if (log){
-+ if (rsshlog){
- log_set_priority(LOG_INFO);
- log_msg("setting umask to %#o", mask);
- }
-@@ -857,7 +857,7 @@
-
- /* make space for user options */
- if ( !(temp = (char *)malloc(CFG_LINE_LEN + 1)) ){
-- if (log) log_msg("fatal error: can't allocate space for user options");
-+ if (rsshlog) log_msg("fatal error: can't allocate space for user options");
- exit(1);
- }
-
-@@ -870,7 +870,7 @@
-
- /* now process individual config bits of temp */
- if ( !(pos = get_token(temp, user, CFG_LINE_LEN + 1, TRUE, TRUE )) ){
-- if (log){
-+ if (rsshlog){
- log_set_priority(LOG_ERR);
- log_msg("syntax error parsing config file, line %d",
- lineno);
-@@ -887,12 +887,12 @@
- * user lines we don't care about...
- */
- if ( (strcmp(user, username)) ) return TRUE;
-- if (log){
-+ if (rsshlog){
- log_set_priority(LOG_INFO);
- log_msg("line %d: configuring user %s", lineno, user);
- }
- if ( !(len = eat_colon(temp + pos)) ){
-- if (log) log_msg("syntax error parsing config file: line %d ",
-+ if (rsshlog) log_msg("syntax error parsing config file: line %d ",
- lineno);
- return FALSE;
- }
-@@ -901,7 +901,7 @@
- /* do the umask, but validate it last, since it's non-fatal */
- if ( !(len = get_token(temp + pos, mask, CFG_LINE_LEN + 1,
- TRUE, FALSE)) ){
-- if (log){
-+ if (rsshlog){
- log_set_priority(LOG_ERR);
- log_msg("syntax error parsing user umask, line %d", lineno);
- }
-@@ -911,14 +911,14 @@
-
- /* do the access bits */
- if ( !(len = eat_colon(temp + pos)) ){
-- if (log) log_msg("syntax error parsing config file: line %d ",
-+ if (rsshlog) log_msg("syntax error parsing config file: line %d ",
- lineno);
- return FALSE;
- }
- pos += len;
- if ( !(len = get_token(temp + pos, axs, CFG_LINE_LEN + 1,
- TRUE, FALSE)) ){
-- if (log){
-+ if (rsshlog){
- log_set_priority(LOG_ERR);
- log_msg("syntax error parsing user access, line %d", lineno);
- }
-@@ -926,7 +926,7 @@
- }
- if ( !validate_access(axs, &allow_sftp, &allow_scp, &allow_cvs,
- &allow_rdist, &allow_rsync) ){
-- if (log){
-+ if (rsshlog){
- log_set_priority(LOG_ERR);
- log_msg("syntax error parsing access bits, line %d", lineno);
- }
-@@ -938,7 +938,7 @@
- if ( !(len = eat_colon(temp + pos)) ) goto cleanup;
- pos += len;
- if ( !(path = (char *)malloc(CFG_LINE_LEN + 1)) ){
-- if (log) log_msg("fatal error: can't allocate space for chroot path");
-+ if (rsshlog) log_msg("fatal error: can't allocate space for chroot path");
- exit(1);
- }
- if ( !(len = get_token(temp + pos, path, CFG_LINE_LEN + 1,
-@@ -952,7 +952,7 @@
- /* make sure nothing is left */
- while ( *(temp + pos) != '\0' && isspace(*(temp + pos)) ) pos++;
- if ( *(temp + pos) != '\0' ){
-- if (log){
-+ if (rsshlog){
- log_set_priority(LOG_ERR);
- log_msg("syntax error parsing user config: line %d", lineno);
- }
-@@ -961,14 +961,14 @@
-
- /* now finally validate the umask */
- if ( !validate_umask(mask, &tmpmask) ){
-- if (log){
-+ if (rsshlog){
- log_set_priority(LOG_WARNING);
- log_msg("line %d: invalid umask specified, using default",
- lineno);
- }
- tmpmask = 077;
- }
-- if (log){
-+ if (rsshlog){
- log_set_priority(LOG_INFO);
- log_msg("setting %s's umask to %#o", user, tmpmask);
- }
-@@ -980,27 +980,27 @@
- opts->shell_flags = 0;
- /* now set the user-specific flags */
- if ( allow_scp ){
-- if (log) log_msg("allowing scp to user %s", user);
-+ if (rsshlog) log_msg("allowing scp to user %s", user);
- opts->shell_flags |= RSSH_ALLOW_SCP;
- }
- if ( allow_sftp ){
-- if (log) log_msg("allowing sftp to user %s", user);
-+ if (rsshlog) log_msg("allowing sftp to user %s", user);
- opts->shell_flags |= RSSH_ALLOW_SFTP;
- }
- if ( allow_cvs ){
-- if (log) log_msg("allowing cvs to user %s", user);
-+ if (rsshlog) log_msg("allowing cvs to user %s", user);
- opts->shell_flags |= RSSH_ALLOW_CVS;
- }
- if ( allow_rdist ){
-- if (log) log_msg("allowing rdist to user %s", user);
-+ if (rsshlog) log_msg("allowing rdist to user %s", user);
- opts->shell_flags |= RSSH_ALLOW_RDIST;
- }
- if ( allow_rsync ){
-- if (log) log_msg("allowing rsync to user %s", user);
-+ if (rsshlog) log_msg("allowing rsync to user %s", user);
- opts->shell_flags |= RSSH_ALLOW_RSYNC;
- }
- if ( path ){
-- if (log) log_msg("chrooting %s to %s", user, path);
-+ if (rsshlog) log_msg("chrooting %s to %s", user, path);
- opts->shell_flags |= RSSH_USE_CHROOT;
- }
- opts->chroot_path = path;
-@@ -1019,7 +1019,7 @@
-
- /* make sure '=' is next token, otherwise syntax error */
- if ( (pos = eat_assignment(line)) <= 0 ){
-- if (log){
-+ if (rsshlog){
- log_set_priority(LOG_ERR);
- log_msg("error parsing config file at line %d: "
- "assignment expected", lineno);
-@@ -1028,7 +1028,7 @@
- }
- /* get the string parameter of the assignment */
- if ( !(len = get_token((line + pos), buf, buflen, FALSE, FALSE)) ){
-- if (log){
-+ if (rsshlog){
- log_set_priority(LOG_ERR);
- log_msg("syntax error parsing config file, line %d",
- lineno);
-@@ -1038,7 +1038,7 @@
- pos += len;
- /* check for ending comment */
- if ( !eat_comment(line + pos) ){
-- if (log){
-+ if (rsshlog){
- log_set_priority(LOG_ERR);
- log_msg("syntax error parsing config file at line %d",
- lineno);
diff --git a/shells/rssh/files/patch-util.c b/shells/rssh/files/patch-util.c
deleted file mode 100644
index d99de13c1afd..000000000000
--- a/shells/rssh/files/patch-util.c
+++ /dev/null
@@ -1,105 +0,0 @@
-Workaround for basename(3) that is POSIX compliant since r308264 in FreeBSD 12
-
-Fixes buffer allocation for the fail message. Taken from Debian
-("0003-Fix-buffer-allocation-buffer-for-fail-message").
-
-Tightens the check for scp command line arguments that fixes also
-"CVE-2019-1000018". Taken from Debian ("0009-Verify-scp-command-options").
-Please note that with this patch the scp option "-3" can no longer be used.
-
---- util.c.orig 2012-11-27 01:14:49 UTC
-+++ util.c
-@@ -84,7 +84,7 @@ void fail( int flags, int argc, char **argv )
- /* create msg indicating what is allowed */
- if ( !size ) cmd = "This user is locked out.";
- else {
-- size += 18;
-+ size += 18 + 1;
- if ( !(cmd = (char *)malloc(size)) ){
- log_msg("fatal error: out of mem allocating log msg");
- exit(1);
-@@ -165,6 +165,7 @@ bool check_command( char *cl, ShellOptions_t *opts, ch
- {
- char *prog; /* basename of cmd */
- char *tmp = cl;
-+ char *tmp2 = NULL;
- bool need_free = FALSE;
- bool rc = FALSE;
- int i;
-@@ -186,11 +187,17 @@ bool check_command( char *cl, ShellOptions_t *opts, ch
- }
-
- /* compare tmp to cmd and prog for match */
-- prog = basename(cmd);
-+ tmp2 = strdup (cmd);
-+ if (tmp2 == NULL) {
-+ log_msg ("strdup() failed in check_command()");
-+ return FALSE;
-+ }
-+ prog = basename(tmp2);
- if ( !(strcmp(tmp, cmd)) || !(strcmp(tmp, prog))){
- log_msg("cmd '%s' approved", prog);
- rc = TRUE;
- }
-+ free (tmp2);
- }
- if (need_free) free(tmp);
- return rc;
-@@ -198,6 +205,43 @@ bool check_command( char *cl, ShellOptions_t *opts, ch
-
-
- /*
-+ * scp_okay() - take the command line and check that it is a hopefully-safe scp
-+ * server command line, accepting only very specific options.
-+ * Returns FALSE if the command line should not be allowed, TRUE
-+ * if it is okay.
-+ */
-+static int scp_okay( char **vec )
-+{
-+ int saw_f_or_t = FALSE;
-+
-+ for ( vec++; vec && *vec; vec++ ){
-+ /* Allowed options. */
-+ if ( strcmp(*vec, "-v") == 0 ) continue;
-+ if ( strcmp(*vec, "-r") == 0 ) continue;
-+ if ( strcmp(*vec, "-p") == 0 ) continue;
-+ if ( strcmp(*vec, "-d") == 0 ) continue;
-+ if ( strcmp(*vec, "-f") == 0 || strcmp(*vec, "-pf") == 0 ){
-+ saw_f_or_t = TRUE;
-+ continue;
-+ }
-+ if ( strcmp(*vec, "-t") == 0 || strcmp(*vec, "-pt") == 0 ){
-+ saw_f_or_t = TRUE;
-+ continue;
-+ }
-+
-+ /* End of arguments. */
-+ if ( strcmp(*vec, "--") == 0 ) break;
-+
-+ /* Any other argument is not allowed. */
-+ if ( *vec[0] == '-' ) return FALSE;
-+ }
-+
-+ /* Either -f or -t must have been given. */
-+ return saw_f_or_t;
-+}
-+
-+
-+/*
- * check_command_line() - take the command line passed to rssh, and verify
- * that the specified command is one the user is
- * allowed to run and validate the arguments. Return the
-@@ -212,8 +256,11 @@ char *check_command_line( char **cl, ShellOptions_t *o
- return PATH_SFTP_SERVER;
-
- if ( check_command(*cl, opts, PATH_SCP, RSSH_ALLOW_SCP) ){
-- /* filter -S option */
-- if ( opt_filter(cl, 'S') ) return NULL;
-+ if ( !scp_okay(cl) ){
-+ fprintf(stderr, "\ninsecure scp option not allowed.");
-+ log_msg("insecure scp option in scp command line");
-+ return NULL;
-+ }
- return PATH_SCP;
- }
-
diff --git a/shells/rssh/pkg-descr b/shells/rssh/pkg-descr
deleted file mode 100644
index e853a9857386..000000000000
--- a/shells/rssh/pkg-descr
+++ /dev/null
@@ -1,6 +0,0 @@
-rssh is a restricted shell for use with OpenSSH, allowing only scp and/or sftp.
-It now also includes support for rdist, rsync, and CVS. For example, if you
-have a server which you only want to allow users to copy files off of via scp,
-without providing shell access, you can use rssh to do that.
-
-WWW: http://www.pizzashack.org/rssh/index.shtml
diff --git a/shells/rssh/pkg-plist b/shells/rssh/pkg-plist
deleted file mode 100644
index 7976ca9a5483..000000000000
--- a/shells/rssh/pkg-plist
+++ /dev/null
@@ -1,5 +0,0 @@
-@shell bin/rssh
-man/man1/rssh.1.gz
-man/man5/rssh.conf.5.gz
-etc/rssh.conf.default.dist
-libexec/rssh_chroot_helper