diff options
Diffstat (limited to 'main/rssh/check-command-line-after-chroot.patch')
-rw-r--r-- | main/rssh/check-command-line-after-chroot.patch | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/main/rssh/check-command-line-after-chroot.patch b/main/rssh/check-command-line-after-chroot.patch new file mode 100644 index 00000000000..8ef515d4756 --- /dev/null +++ b/main/rssh/check-command-line-after-chroot.patch @@ -0,0 +1,30 @@ +From: Russ Allbery <rra@debian.org> +Date: Mon, 28 Jan 2019 20:15:30 -0800 +Subject: Check command line after chroot + +When a command was configured with a chroot, rssh did not check +the safety of the command line after chroot, allowing various +vectors of remote code execution inside the chroot environment. +Perform the same check after chroot as is performed before running +the command when a chroot is not configured. +--- + rssh_chroot_helper.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/rssh_chroot_helper.c b/rssh_chroot_helper.c +index 8a35cdc..73d8c7b 100644 +--- a/rssh_chroot_helper.c ++++ b/rssh_chroot_helper.c +@@ -218,6 +218,12 @@ int main( int argc, char **argv ) + ch_fatal_error("build_arg_vector()", argv[2], + "bad expansion"); + ++ /* check the command for safety */ ++ if ( !check_command_line(argvec, &opts) ){ ++ fprintf(stderr, "\n"); ++ exit(1); ++ } ++ + /* + * This is the old way to figure out what program to run. Since we're + * re-parsing the config file in rssh_chroot helper, we could get rid |