[SCM] The rsync repository. - branch master updated
Rsync CVS commit messages
rsync-cvs at lists.samba.org
Fri Sep 9 17:49:26 UTC 2022
The branch, master has been updated
via 5447d038 Mention a potential bash security issue with openssh forced commands.
from 71177363 A few more minor tweaks.
https://git.samba.org/?p=rsync.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 5447d038c66dbe8de0cd5db1bc1e60d111bc9880
Author: Wayne Davison <wayne at opencoder.net>
Date: Fri Sep 9 10:47:09 2022 -0700
Mention a potential bash security issue with openssh forced commands.
-----------------------------------------------------------------------
Summary of changes:
support/rrsync.1.md | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
Changeset truncated at 500 lines:
diff --git a/support/rrsync.1.md b/support/rrsync.1.md
index a7365323..98f2cab0 100644
--- a/support/rrsync.1.md
+++ b/support/rrsync.1.md
@@ -22,6 +22,10 @@ transfer in one of two easy ways:
* forcing the running of the rrsync script
* forcing the running of an rsync daemon-over-ssh command.
+Both of these setups use a feature of ssh that allows a command to be forced to
+run instead of an interactive shell. However, if the user's home shell is bash,
+please see [BASH SECURITY ISSUE](#) for a potential issue.
+
To use the rrsync script, edit the user's `~/.ssh/authorized_keys` file and add
a prefix like one of the following (followed by a space) in front of each
ssh-key line that should be restricted:
@@ -107,6 +111,26 @@ overrides.
The script (or a copy of it) can be manually edited if you want it to customize
the option handling.
+## BASH SECURITY ISSUE
+
+If your users have bash set as their home shell, bash may try to be overly
+helpful and ensure that the user's login bashrc files are run prior to
+executing the forced command. This can be a problem if the user can somehow
+update their home bashrc files, perhaps via the restricted copy, a shared home
+directory, or something similar.
+
+One simple way to avoid the issue is to switch the user to a simpler shell,
+such as dash. When choosing the new home shell, make sure that you're not
+choosing bash in disguise, as it is unclear if it avoids the security issue.
+
+Another potential fix is to ensure that the user's home directory is not a
+shared mount and that they have no means of copying files outside of their
+restricted directories. This may require you to force the enabling of symlink
+munging on the server side.
+
+A future version of openssh may have a change to the handling of forced
+commands that allows it to avoid using the user's home shell.
+
## EXAMPLES
The `~/.ssh/authorized_keys` file might have lines in it like this:
--
The rsync repository.
More information about the rsync-cvs
mailing list