From owner-freebsd-security Sun Jan 23 8:36:42 2000 Delivered-To: freebsd-security@freebsd.org Received: from david.siemens.de (david.siemens.de [192.35.17.14]) by hub.freebsd.org (Postfix) with ESMTP id 20DED14E43; Sun, 23 Jan 2000 08:36:35 -0800 (PST) (envelope-from ust@cert.siemens.de) X-Envelope-Sender-Is: ust@cert.siemens.de (at relayer david.siemens.de) Received: from mail1.siemens.de (mail1.siemens.de [139.23.33.14]) by david.siemens.de (8.9.3/8.9.3) with ESMTP id RAA19052; Sun, 23 Jan 2000 17:36:30 +0100 (MET) Received: from mars.cert.siemens.de (ust.mchp.siemens.de [139.23.201.17]) by mail1.siemens.de (8.9.3/8.9.3) with ESMTP id RAA20881; Sun, 23 Jan 2000 17:36:30 +0100 (MET) Received: from alaska.cert.siemens.de (reims.mchp.siemens.de [139.23.202.134]) by mars.cert.siemens.de (8.9.3/8.9.3/Siemens CERT [ $Revision: 1.3 ]) with ESMTP id RAA21809; Sun, 23 Jan 2000 17:36:29 +0100 (CET) (envelope-from ust@alaska.cert.siemens.de) Received: (from ust@localhost) by alaska.cert.siemens.de (8.9.3/8.9.3/alaska [ $Revision: 1.3 ]) id QAA15143; Sun, 23 Jan 2000 16:36:29 GMT (envelope-from ust) Date: Sun, 23 Jan 2000 17:36:29 +0100 From: Udo Schweigert To: freebsd-stable@freebsd.org, freebsd-security@freebsd.org Subject: OpenSSH, login_getpath and /etc/login.conf Message-ID: <20000123173629.A858@alaska.cert.siemens.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i X-Operating-System: FreeBSD 3.4-STABLE Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi all, using OpenSSH I notcied that I get the following PATH when logging in via ssh: ~/bin:/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin This got at least one port (print/a2ps-a4 when installing) to fail due to this PATH-variable. I tried to examine this a little and noticed two facts: 1) With the default setting of "UseLogin no" in /usr/local/etc/sshd_config, sshd calls login_getpath() which does not expand the ~-chars. 2) With a setting of "UseLogin yes" this behavior disappears since login() calls setusercontext() which expands the ~-chars. The question to me is: is login_getpath() bugy or should OpenSSH use login() by default (I don't know a reason why not). If so, we should use the following replacement for patches/patch-ao in the port: --- sshd_config.orig Sun Jan 23 17:00:35 2000 +++ sshd_config Sun Jan 23 17:01:53 2000 @@ -3,12 +3,13 @@ Port 22 #ListenAddress 0.0.0.0 #ListenAddress :: -HostKey /etc/ssh_host_key +HostKey __PREFIX__/etc/ssh_host_key ServerKeyBits 768 -LoginGraceTime 600 +LoginGraceTime 60 KeyRegenerationInterval 3600 -PermitRootLogin yes -# +PermitRootLogin no +# Rate-limit sshd connections to 5 connections per 10 seconds +ConnectionsPerPeriod 5/10 # Don't read ~/.rhosts and ~/.shosts files IgnoreRhosts yes # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication @@ -47,4 +48,4 @@ #KerberosTgtPassing yes #CheckMail yes -#UseLogin no +UseLogin yes Regards. ------------------------------------------------------------------------------- Udo Schweigert || Voice : +49 89 636 42170 Siemens AG, Siemens CERT || Fax : +49 89 636 41166 ZT IK 3 || email : Udo.Schweigert@mchp.siemens.de D-81730 Muenchen / Germany || : ust@cert.siemens.de PGP fingerprint || 2A 53 F6 A6 30 59 64 02 6B C4 E0 73 B2 C9 6C E7 ------------------------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message