From owner-freebsd-security Tue Aug 14 17:21:54 2001 Delivered-To: freebsd-security@freebsd.org Received: from nagual.pp.ru (pobrecita.freebsd.ru [194.87.13.42]) by hub.freebsd.org (Postfix) with ESMTP id F3D0337B40A; Tue, 14 Aug 2001 17:21:50 -0700 (PDT) (envelope-from ache@nagual.pp.ru) Received: (from ache@localhost) by nagual.pp.ru (8.11.4/8.11.4) id f7F0Lnj05556; Wed, 15 Aug 2001 04:21:49 +0400 (MSD) (envelope-from ache) Date: Wed, 15 Aug 2001 04:21:46 +0400 From: "Andrey A. Chernov" To: security@freebsd.org, markm@freebsd.org Subject: CFR: OPIE heuristic to detect SSH connection Message-ID: <20010815042144.A5499@nagual.pp.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.20i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I plan to commit this for proper OPIE+SSH integration (without bothering people using SSH to add unneded -f key). This is completely in insecure style of other OPIE heuristics sensing DISPLAY and TERM, this is not supposed to be secure, only to help people with warnings. --- insecure.c.bak Tue Apr 11 16:52:01 2000 +++ insecure.c Wed Aug 15 04:11:21 2001 @@ -64,6 +64,8 @@ if (result != -1) return result; + if (getenv("SSH_CLIENT") != NULL) + return (result = 0); display_name = (char *) getenv("DISPLAY"); term_name = (char *) getenv("TERM"); -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message