security fix for optional ADC (admin-defined command) feature

Thanks to Dylan Simon for catching it...
This commit is contained in:
Sitaram Chamarty 2011-02-13 08:02:34 +05:30
parent a10287a4cd
commit a33f0f8504

View file

@ -1058,6 +1058,7 @@ sub shell_out {
sub try_adc { sub try_adc {
my ($cmd, @args) = split ' ', $ENV{SSH_ORIGINAL_COMMAND}; my ($cmd, @args) = split ' ', $ENV{SSH_ORIGINAL_COMMAND};
if (-x "$GL_ADC_PATH/$cmd") { if (-x "$GL_ADC_PATH/$cmd") {
die "I don't like $cmd\n" if $cmd =~ /\.\./;
# yes this is rather strict, sorry. # yes this is rather strict, sorry.
do { die "I don't like $_\n" unless $_ =~ $ADC_CMD_ARGS_PATT } for ($cmd, @args); do { die "I don't like $_\n" unless $_ =~ $ADC_CMD_ARGS_PATT } for ($cmd, @args);
log_it("$GL_ADC_PATH/$ENV{SSH_ORIGINAL_COMMAND}"); log_it("$GL_ADC_PATH/$ENV{SSH_ORIGINAL_COMMAND}");