From owner-freebsd-bugs  Thu Apr 20  6:20: 7 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id E6B5337BE04
	for <freebsd-bugs@FreeBSD.org>; Thu, 20 Apr 2000 06:20:04 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id GAA52589;
	Thu, 20 Apr 2000 06:20:04 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Date: Thu, 20 Apr 2000 06:20:04 -0700 (PDT)
Message-Id: <200004201320.GAA52589@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc: 
From: IKEDA Kenji <noroi@mob.or.jp>
Subject: Re: misc/18109: if pw_shell is empty(/bin/sh is assumed), cannot
 login via ssh.
Reply-To: IKEDA Kenji <noroi@mob.or.jp>
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The following reply was made to PR misc/18109; it has been noted by GNATS.

From: IKEDA Kenji <noroi@mob.or.jp>
To: alex@big.endian.de
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: misc/18109: if pw_shell is empty(/bin/sh is assumed), cannot
 login via ssh.
Date: Thu, 20 Apr 2000 22:13:24 +0900

 On Thu, 20 Apr 2000 13:31:07 +0200, Alexander Langer <alex@big.endian.de> wrote:
 
 > You should add indentation to make your code more readable.
 
 Sorry.
 
 > What will happen if it is == 0 now?
 
 if pw->pw_shell == 0 then ... segmentation violation will happen.
 if pw->pw_shell[0] == 0 then ... it means /bin/sh.  /bin/sh always valid.
 
 --- sshd.c.~1~	Thu Apr 20 21:37:40 2000
 +++ sshd.c	Thu Apr 20 21:47:58 2000
 @@ -1211,11 +1211,13 @@
  	if (!pw)
  		return 0;
  
 -	/* deny if shell does not exists or is not executable */
 -	if (stat(pw->pw_shell, &st) != 0)
 -		return 0;
 -	if (!((st.st_mode & S_IFREG) && (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP))))
 -		return 0;
 +	if (pw->pw_shell && pw->pw_shell[0]) {
 +		/* deny if shell does not exists or is not executable */
 +		if (stat(pw->pw_shell, &st) != 0)
 +			return 0;
 +		if (!((st.st_mode & S_IFREG) && (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP))))
 +			return 0;
 +	}
  
  	/* Return false if user is listed in DenyUsers */
  	if (options.num_deny_users > 0) {
 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message