Date: Wednesday, August 1, 2012 @ 00:00:10 Author: bisson Revision: 164389
fix FS#30950 Added: rssh/trunk/env-breach.patch Modified: rssh/trunk/PKGBUILD rssh/trunk/rsync.patch ------------------+ PKGBUILD | 9 +- env-breach.patch | 228 +++++++++++++++++++++++++++++++++++++++++++++++++++++ rsync.patch | 33 +++---- 3 files changed, 249 insertions(+), 21 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2012-08-01 01:21:39 UTC (rev 164388) +++ PKGBUILD 2012-08-01 04:00:10 UTC (rev 164389) @@ -4,7 +4,7 @@ pkgname=rssh pkgver=2.3.3 -pkgrel=3 +pkgrel=4 pkgdesc='Restricted shell for use with OpenSSH, allowing only scp and/or sftp' url='http://www.pizzashack.org/rssh/' license=('custom:rssh') @@ -12,17 +12,20 @@ backup=('etc/rssh.conf') depends=('openssh') source=("http://downloads.sourceforge.net/sourceforge/rssh/rssh-${pkgver}.tar.gz"; + 'env-breach.patch' 'destdir.patch' 'rsync.patch') sha1sums=('0a6dd80b5e6059e0db12c9f1276121dd966b610a' + '434712f82f24c60834a10142ca5c49b8a57555a7' '85bd1694decae5872cbeeafd578b147eb13313c6' - '41f32f8a77b3a2b924ede6044ab67846e06b5d20') + '86564eab4493f4b4502a022e5938babb31450a00') build() { cd "${srcdir}/${pkgname}-${pkgver}" + patch -p1 -i ../env-breach.patch # FS#30950 + patch -p1 -i ../rsync.patch # FS#21783 patch -p1 -i ../destdir.patch - patch -p1 -i ../rsync.patch # FS#21783, debian patch ./configure \ --prefix=/usr \ Added: env-breach.patch =================================================================== --- env-breach.patch (rev 0) +++ env-breach.patch 2012-08-01 04:00:10 UTC (rev 164389) @@ -0,0 +1,228 @@ +--- rssh-2.3.3/main.c.in 2010-08-01 15:43:30.000000000 -0400 ++++ rssh-2.3.3/main.c.in 2012-05-11 16:44:39.000000000 -0400 +@@ -184,7 +184,7 @@ + * determine if the command in cmdline is acceptable to run, and store + * name of program to exec in cmd + */ +- if ( !(*cmd = check_command_line(cmdline, opts)) ) return NULL; ++ if ( !(*cmd = get_command(cmdline, opts)) ) return NULL; + + /* if we need to do chroot processing, do it */ + if ( opts->shell_flags & RSSH_USE_CHROOT ){ +@@ -252,7 +252,9 @@ + } + + /* return vector of pointers to command line arguments */ +- return build_arg_vector(cmdline, 0); ++ argvec = build_arg_vector(cmdline, 0); ++ if (check_command_line(argvec, opts)) return argvec; ++ else return NULL; + } + + void vers_info( void ) +--- rssh-2.3.3/util.c 2010-08-01 09:07:00.000000000 -0400 ++++ rssh-2.3.3/util.c 2012-05-11 16:43:10.000000000 -0400 +@@ -106,7 +106,7 @@ + /* print error message to user and log attempt */ + fprintf(stderr, "\nThis account is restricted by rssh.\n" + "%s\n\nIf you believe this is in error, please contact " +- "your system administrator.\n\n", cmd); ++ "your system administrator.\n\n", cmd); + if ( argc < 3 ) + log_msg("user %s attempted to log in with a shell", + username); +@@ -132,31 +132,35 @@ + */ + bool opt_exist(char *cl, char opt) + { +- int i = 0; ++ int i = 1; + int len; +- char *token; +- bool optstring = FALSE; +- + + len = strlen(cl); + + /* process command line character by character */ +- while ( i < (len - 2) ){ +- if ( cl[i] == ' ' || cl[i] == '\t' ){ +- if ( cl[i+1] == '-' ){ +- optstring = TRUE; +- i+=2; +- } +- } +- if ( cl[i] == opt && optstring ) return TRUE; +- if ( cl[i] == ' ' || cl[i] == '\t' || cl[i] == '-' ) +- optstring = FALSE; ++ if (!(cl[0] == '-')) return FALSE; ++ while ( i < (len) ){ ++ if ( cl[i] == opt ) return TRUE; + i++; + } + return FALSE; + } + + ++bool opt_filter(char **vec, const char opt) ++{ ++ while (vec && *vec){ ++ if (opt_exist(*vec, opt)){ ++ fprintf(stderr, "\nillegal insecure %c option", opt); ++ log_msg("insecure %c option in scp command line!", opt); ++ return TRUE; ++ } ++ vec++; ++ } ++ return FALSE; ++} ++ ++ + bool check_command( char *cl, ShellOptions_t *opts, char *cmd, int cmdflag ) + { + int cl_len; /* length of command line */ +@@ -186,69 +190,78 @@ + return FALSE; + } + ++ + /* + * check_command_line() - take the command line passed to rssh, and verify +- * that the specified command is one the user is +- * allowed to run. Return the path of the command +- * which will be run if it is ok, or return NULL if it +- * is not. ++ * that the specified command is one the user is ++ * allowed to run and validate the arguments. Return the ++ * path of the command which will be run if it is ok, or ++ * return NULL if it is not. + */ +-char *check_command_line( char *cl, ShellOptions_t *opts ) ++char *check_command_line( char **cl, ShellOptions_t *opts ) + { + +- if ( check_command(cl, opts, PATH_SFTP_SERVER, RSSH_ALLOW_SFTP) ) ++ if ( check_command(*cl, opts, PATH_SFTP_SERVER, RSSH_ALLOW_SFTP) ) + return PATH_SFTP_SERVER; + +- if ( check_command(cl, opts, PATH_SCP, RSSH_ALLOW_SCP) ){ ++ if ( check_command(*cl, opts, PATH_SCP, RSSH_ALLOW_SCP) ){ + /* filter -S option */ +- if ( opt_exist(cl, 'S') ){ +- fprintf(stderr, "\ninsecure -S option not allowed."); +- log_msg("insecure -S option in scp command line!"); +- return NULL; +- } ++ if ( opt_filter(cl, 'S') ) return NULL; + return PATH_SCP; + } + +- if ( check_command(cl, opts, PATH_CVS, RSSH_ALLOW_CVS) ){ +- if ( opt_exist(cl, 'e') ){ +- fprintf(stderr, "\ninsecure -e option not allowed."); +- log_msg("insecure -e option in cvs command line!"); +- return NULL; +- } ++ if ( check_command(*cl, opts, PATH_CVS, RSSH_ALLOW_CVS) ){ ++ if ( opt_filter(cl, 'e') ) return NULL; + return PATH_CVS; + } + +- if ( check_command(cl, opts, PATH_RDIST, RSSH_ALLOW_RDIST) ){ ++ if ( check_command(*cl, opts, PATH_RDIST, RSSH_ALLOW_RDIST) ){ + /* filter -P option */ +- if ( opt_exist(cl, 'P') ){ +- fprintf(stderr, "\ninsecure -P option not allowed."); +- log_msg("insecure -P option in rdist command line!"); +- return NULL; +- } ++ if ( opt_filter(cl, 'P') ) return NULL; + return PATH_RDIST; + } + +- if ( check_command(cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){ ++ if ( check_command(*cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){ + /* filter -e option */ +- if ( opt_exist(cl, 'e') ){ +- fprintf(stderr, "\ninsecure -e option not allowed."); +- log_msg("insecure -e option in rdist command line!"); +- return NULL; +- } +- +- if ( strstr(cl, "--rsh=" ) ){ +- fprintf(stderr, "\ninsecure --rsh= not allowed."); +- log_msg("insecure --rsh option in rsync command line!"); +- return NULL; ++ if ( opt_filter(cl, 'e') ) return NULL; ++ while (cl && *cl){ ++ if ( strstr(*cl, "--rsh=" ) ){ ++ fprintf(stderr, "\ninsecure --rsh= not allowed."); ++ log_msg("insecure --rsh option in rsync command line!"); ++ return NULL; ++ } + } +- + return PATH_RSYNC; + } ++ /* No match, return NULL */ ++ return NULL; ++} ++ ++ ++/* ++ * get_command() - take the command line passed to rssh, and verify ++ * that the specified command is one the user is allowed to run. ++ * Return the path of the command which will be run if it is ok, ++ * or return NULL if it is not. ++ */ ++char *get_command( char *cl, ShellOptions_t *opts ) ++{ + ++ if ( check_command(cl, opts, PATH_SFTP_SERVER, RSSH_ALLOW_SFTP) ) ++ return PATH_SFTP_SERVER; ++ if ( check_command(cl, opts, PATH_SCP, RSSH_ALLOW_SCP) ) ++ return PATH_SCP; ++ if ( check_command(cl, opts, PATH_CVS, RSSH_ALLOW_CVS) ) ++ return PATH_CVS; ++ if ( check_command(cl, opts, PATH_RDIST, RSSH_ALLOW_RDIST) ) ++ return PATH_RDIST; ++ if ( check_command(cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ) ++ return PATH_RSYNC; + return NULL; + } + + ++ + /* + * extract_root() - takes a root directory and the full path to some other + * directory, and returns a pointer to a string which +@@ -264,7 +277,7 @@ + len = strlen(root); + /* get rid of a trailing / from the root path */ + if ( root[len - 1] == '/' ){ +- root[len - 1] = '\0'; ++ root[len - 1] = '\0'; + len--; + } + if ( (strncmp(root, path, len)) ) return NULL; +@@ -309,7 +322,7 @@ + * same name, and returns FALSE if the bits are not valid + */ + int validate_access( const char *temp, bool *allow_sftp, bool *allow_scp, +- bool *allow_cvs, bool *allow_rdist, bool *allow_rsync ) ++ bool *allow_cvs, bool *allow_rdist, bool *allow_rsync ) + { + int i; + +--- rssh-2.3.3/util.h 2006-12-21 17:22:38.000000000 -0500 ++++ rssh-2.3.3/util.h 2012-05-11 16:21:12.000000000 -0400 +@@ -33,7 +33,8 @@ + #include "rsshconf.h" + + void fail( int flags, int argc, char **argv ); +-char *check_command_line( char *cl, ShellOptions_t *opts ); ++char *check_command_line( char **cl, ShellOptions_t *opts ); ++char *get_command( char *cl, ShellOptions_t *opts); + char *extract_root( char *root, char *path ); + int validate_umask( const char *temp, int *mask ); + int validate_access( const char *temp, bool *allow_sftp, bool *allow_scp, Modified: rsync.patch =================================================================== --- rsync.patch 2012-08-01 01:21:39 UTC (rev 164388) +++ rsync.patch 2012-08-01 04:00:10 UTC (rev 164389) @@ -1,6 +1,6 @@ -diff -aur old//util.c new//util.c ---- old//util.c 2010-08-01 15:07:00.000000000 +0200 -+++ new//util.c 2010-11-25 18:16:24.086709600 +0100 +diff -Naur old/util.c new/util.c +--- old/util.c 2012-08-01 13:48:47.803620731 +1000 ++++ new/util.c 2012-08-01 13:55:13.622614598 +1000 @@ -56,6 +56,7 @@ #ifdef HAVE_LIBGEN_H #include <libgen.h> @@ -9,9 +9,9 @@ /* LOCAL INCLUDES */ #include "pathnames.h" -@@ -187,6 +188,33 @@ - } +@@ -192,6 +193,33 @@ + /* + * check_rsync_e() - take the command line passed to rssh and look for a -e + * option. If one is found, make sure --server is provided @@ -41,17 +41,14 @@ + +/* * check_command_line() - take the command line passed to rssh, and verify - * that the specified command is one the user is - * allowed to run. Return the path of the command -@@ -230,9 +258,9 @@ + * that the specified command is one the user is + * allowed to run and validate the arguments. Return the +@@ -211,7 +239,7 @@ + } - if ( check_command(cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){ - /* filter -e option */ -- if ( opt_exist(cl, 'e') ){ -+ if ( opt_exist(cl, 'e') && !check_rsync_e(cl) ){ - fprintf(stderr, "\ninsecure -e option not allowed."); -- log_msg("insecure -e option in rdist command line!"); -+ log_msg("insecure -e option in rsync command line!"); - return NULL; - } - + if ( check_command(*cl, opts, PATH_CVS, RSSH_ALLOW_CVS) ){ +- if ( opt_filter(cl, 'e') ) return NULL; ++ if ( opt_filter(cl, 'e') && !check_rsync_e(cl) ) return NULL; + return PATH_CVS; + } +
