diff options
author | sos <sos@FreeBSD.org> | 1996-10-13 15:05:14 +0000 |
---|---|---|
committer | sos <sos@FreeBSD.org> | 1996-10-13 15:05:14 +0000 |
commit | 75d85a7c3c9ced9d967500b45e1542591ec86ae8 (patch) | |
tree | 83822a550ef8f9efa6e20dae8b619ce5d68f01b5 /usr.sbin | |
parent | 395dbdd9aa5124712f0aa6e3351ba372f58179a5 (diff) | |
download | FreeBSD-src-75d85a7c3c9ced9d967500b45e1542591ec86ae8.zip FreeBSD-src-75d85a7c3c9ced9d967500b45e1542591ec86ae8.tar.gz |
Fixed the security leek I introduced the other day, now
shell command is only executabel from command files, not
from the commandline.
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/ppp/command.c | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/usr.sbin/ppp/command.c b/usr.sbin/ppp/command.c index 72e9a59..c413a46 100644 --- a/usr.sbin/ppp/command.c +++ b/usr.sbin/ppp/command.c @@ -17,7 +17,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: command.c,v 1.22 1996/10/10 11:27:35 sos Exp $ + * $Id: command.c,v 1.23 1996/10/12 16:20:28 jkh Exp $ * */ #include <sys/types.h> @@ -170,16 +170,22 @@ char **argv; #ifndef HAVE_SHELL_CMD_WITH_ANY_MODE if( mode != MODE_INTER) { fprintf(stdout, - "Can start an shell only in interactive mode\n"); + "Can only start a shell in interactive mode\n"); return(1); } #else if(argc == 0 && !(mode & MODE_INTER)) { fprintf(stderr, - "Can start an interactive shell only in interactive mode\n"); + "Can only start an interactive shell in interactive mode\n"); return(1); } #endif /* HAVE_SHELL_CMD_WITH_ANY_MODE */ +#else + if ((mode & (MODE_AUTO|MODE_INTER)) == (MODE_AUTO|MODE_INTER)) { + fprintf(stdout, + "Shell is not allowed interactively in auto mode\n"); + return(1); + } #endif /* SHELL_ONLY_INTERACTIVELY */ if((shpid = fork()) == 0) { int dtablesize, i ; @@ -580,6 +586,7 @@ char **argv; if (mode & (MODE_DIRECT|MODE_DEDICATED|MODE_AUTO)) { if (argc > 0 && (VarLocalAuth & LOCAL_AUTH)) { Cleanup(EX_NORMAL); + mode &= ~MODE_INTER; } else { VarLocalAuth = LOCAL_NO_AUTH; close(netfd); |