diff options
author | kris <kris@FreeBSD.org> | 2000-06-10 22:32:57 +0000 |
---|---|---|
committer | kris <kris@FreeBSD.org> | 2000-06-10 22:32:57 +0000 |
commit | ad6da2a572d407fcefb6e59135d685555e001b20 (patch) | |
tree | 9aa2b06a046d420e510d2f4c8baac2f0ebc79059 /crypto/openssh | |
parent | 514604f6297fde70cf9b7877c5995c8160434365 (diff) | |
download | FreeBSD-src-ad6da2a572d407fcefb6e59135d685555e001b20.zip FreeBSD-src-ad6da2a572d407fcefb6e59135d685555e001b20.tar.gz |
Fix security botch in "UseLogin Yes" case: commands are executed with
uid 0.
Obtained from: OpenBSD
Diffstat (limited to 'crypto/openssh')
-rw-r--r-- | crypto/openssh/session.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/crypto/openssh/session.c b/crypto/openssh/session.c index f4c615d..80fb49c 100644 --- a/crypto/openssh/session.c +++ b/crypto/openssh/session.c @@ -858,6 +858,10 @@ do_child(const char *command, struct passwd * pw, const char *term, struct stat st; char *argv[10]; + /* login(1) is only called if we execute the login shell */ + if (options.use_login && command != NULL) + options.use_login = 0; + #ifdef LOGIN_CAP login_cap_t *lc; |