From ad6da2a572d407fcefb6e59135d685555e001b20 Mon Sep 17 00:00:00 2001
From: kris <kris@FreeBSD.org>
Date: Sat, 10 Jun 2000 22:32:57 +0000
Subject: Fix security botch in "UseLogin Yes" case: commands are executed with
 uid 0.

Obtained from:	OpenBSD
---
 crypto/openssh/session.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'crypto')

diff --git a/crypto/openssh/session.c b/crypto/openssh/session.c
index f4c615d..80fb49c 100644
--- a/crypto/openssh/session.c
+++ b/crypto/openssh/session.c
@@ -858,6 +858,10 @@ do_child(const char *command, struct passwd * pw, const char *term,
 	struct stat st;
 	char *argv[10];
 
+	/* login(1) is only called if we execute the login shell */
+	if (options.use_login && command != NULL)
+		options.use_login = 0;
+
 #ifdef LOGIN_CAP
 	login_cap_t *lc;
 
-- 
cgit v1.1