connect: interactive mode: also accept /usr/bin/perl as parent#617
Open
frwbr wants to merge 1 commit intoovh:masterfrom
Open
connect: interactive mode: also accept /usr/bin/perl as parent#617frwbr wants to merge 1 commit intoovh:masterfrom
frwbr wants to merge 1 commit intoovh:masterfrom
Conversation
When building a the-bastion Debian package with dh_perl, dh_perl
may change the shebang of bin/shell/osh.pl from
#! /usr/bin/env perl
to
#! /usr/bin/perl
This changes cmdline[0] from 'perl' to '/usr/bin/perl'. When trying to
connect to a host in interactive mode, this then fails the security
check for the parent process cmdline[0] in bin/shell/connect.pl, which
only accepts 'perl' (not '/usr/bin/perl'). Thus, opening a connection
in interactive mode fails with a security violation.
To avoid this, accept both 'perl' and '/usr/bin/perl' in
bin/shell/connect.sh.
Signed-off-by: Friedrich Weber <f.weber@proxmox.com>
speed47
added
tests:long
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
When building a the-bastion Debian package with dh_perl, dh_perl may change the shebang of bin/shell/osh.pl from
to
This changes cmdline[0] from 'perl' to '/usr/bin/perl'. When trying to connect to a host in interactive mode, this then fails the security check for the parent process cmdline[0] in bin/shell/connect.pl, which only accepts 'perl' (not '/usr/bin/perl'). Thus, opening a connection in interactive mode fails with a security violation.
To avoid this, accept both 'perl' and '/usr/bin/perl' in bin/shell/connect.sh.