authorBen Lindstrom <mouring@eviladmin.org>2001-06-21 03:14:49 +0000
committerBen Lindstrom <mouring@eviladmin.org>2001-06-21 03:14:49 +0000
commit699776e9ec1378c1e962146a15436e888e9594b0 (patch)
tree0189dbbe436772e1635270a00b2cb9ce09f1d508
parentc85ab8afab0b1f73cda607859f32f0d9558af594 (diff)
- markus@cvs.openbsd.org 2001/06/19 14:09:45
[session.c sshd.8] disable x11-fwd if use_login is enabled; from lukem@wasabisystems.com
-rw-r--r--ChangeLog5
-rw-r--r--session.c7
-rw-r--r--sshd.816
3 files changed, 23 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index a3766b28..bf242a6f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -15,6 +15,9 @@
- markus@cvs.openbsd.org 2001/06/19 12:34:09
[session.c]
cleanup forced command handling, from dwd@bell-labs.com
+ - markus@cvs.openbsd.org 2001/06/19 14:09:45
+ [session.c sshd.8]
+ disable x11-fwd if use_login is enabled; from lukem@wasabisystems.com
20010615
- (stevesk) don't set SA_RESTART and set SIGCHLD to SIG_DFL
@@ -5667,4 +5670,4 @@
- Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1
-$Id: ChangeLog,v 1.1293 2001/06/21 03:13:10 mouring Exp $
+$Id: ChangeLog,v 1.1294 2001/06/21 03:14:49 mouring Exp $
diff --git a/session.c b/session.c
index 005f7ab1..187f38ed 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.90 2001/06/19 12:34:09 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.91 2001/06/19 14:09:45 markus Exp $");
#include "ssh.h"
#include "ssh1.h"
@@ -1980,6 +1980,11 @@ session_setup_x11fwd(Session *s)
packet_send_debug("No xauth program; cannot forward with spoofing.");
return 0;
}
+ if (options.use_login) {
+ packet_send_debug("X11 forwarding disabled; "
+ "not compatible with UseLogin=yes.");
+ return 0;
+ }
if (s->display != NULL) {
debug("X11 display already set.");
return 0;
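Review bot: The new `options.use_login` branch in session_setup_x11fwd() reports the refusal only to the client through packet_send_debug(), so the server log has no record of why a forwarding request was turned down when both X11Forwarding and UseLogin are enabled. A server-side line before the `return 0;`, in the style of the branch below it, would make the policy decision auditable: `debug("X11 forwarding refused: UseLogin is enabled.");`. The reason for the restriction is given only in sshd.8, so a short comment above the check would help the next reader of session.c: `/* login(1) does not handle xauth(1) cookies, so refuse X11 forwarding */`. The function starts and ends outside the hunk, so whether other code paths can set up X11 forwarding without passing through this check cannot be confirmed from here.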
diff --git a/sshd.8 b/sshd.8
index 7ff4a420..796e8186 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.126 2001/06/11 16:04:38 markus Exp $
+.\" $OpenBSD: sshd.8,v 1.127 2001/06/19 14:09:45 markus Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
@@ -796,11 +796,18 @@ The default is AUTH.
Specifies whether
.Xr login 1
is used for interactive login sessions.
+The default is
+.Dq no .
Note that
.Xr login 1
is never used for remote command execution.
-The default is
-.Dq no .
+Note also, that if this is enabled,
+.Cm X11Forwarding
+will be disabled because
+.Xr login 1
+does not know how to handle
+.Xr xauth 1
+cookies.
.It Cm X11DisplayOffset
Specifies the first display number available for
.Nm sshd Ns 's
@@ -815,6 +822,9 @@ The default is
.Dq no .
Note that disabling X11 forwarding does not improve security in any
way, as users can always install their own forwarders.
+X11 forwarding is automatically disabled if
+.Cm UseLogin
+is enabled.
.It Cm XAuthLocation
Specifies the location of the
.Xr xauth 1