From a18bbd398e053acb58a79a2b4e0f13b4db8a0bae Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 13 May 2002 10:48:57 +1000 Subject: [PATCH] - (djm) Add --with-superuser-path=xxx configure option to specify what $PATH the superuser receives. --- ChangeLog | 6 +++++- configure.ac | 19 ++++++++++++++++++- session.c | 5 +++++ 3 files changed, 28 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index b617a79ef..c4e583fe1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20020513 + - (djm) Add --with-superuser-path=xxx configure option to specify what $PATH + the superuser receives. + 20020511 - (tim) [configure.ac] applied a rework of djm's OpenSSL search cleanup patch. Now only searches system and /usr/local/ssl (OpenSSL's default install path) @@ -567,4 +571,4 @@ - (stevesk) entropy.c: typo in debug message - (djm) ssh-keygen -i needs seeded RNG; report from markus@ -$Id: ChangeLog,v 1.2106 2002/05/11 22:30:04 tim Exp $ +$Id: ChangeLog,v 1.2107 2002/05/13 00:48:57 djm Exp $ diff --git a/configure.ac b/configure.ac index 637b14e40..1b8aa5e1c 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.56 2002/05/11 20:17:44 tim Exp $ +# $Id: configure.ac,v 1.57 2002/05/13 00:48:58 djm Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) @@ -2011,6 +2011,19 @@ if test "$USES_LOGIN_CONF" != "yes" ; then AC_SUBST(user_path) fi +# Set superuser path separately to user path +MD5_MSG="no" +AC_ARG_WITH(superuser-path, + [ --with-superuser-path= Specify different path for super-user], + [ + if test "x$withval" != "xno" ; then + AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval") + superuser_path=$withval + fi + ] +) + + # Whether to force IPv4 by default (needed on broken glibc Linux) IPV4_HACK_MSG="no" AC_ARG_WITH(ipv4-default, @@ -2351,6 +2364,7 @@ E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` G=`eval echo ${piddir}` ; G=`eval echo ${G}` H=`eval echo ${user_path}` ; H=`eval echo ${H}` +I=`eval echo ${superuser_path}` ; I=`eval echo ${I}` echo "" echo "OpenSSH has been configured with the following options:" @@ -2365,6 +2379,9 @@ echo " At runtime, sshd will use the path defined in /etc/login.conf" else echo " sshd default user PATH: $H" fi +if test ! -z "$superuser_path" ; then +echo " sshd superuser user PATH: $I" +fi echo " Manpage format: $MANTYPE" echo " PAM support: ${PAM_MSG}" echo " KerberosIV support: $KRB4_MSG" diff --git a/session.c b/session.c index 20e6a889f..10d803e98 100644 --- a/session.c +++ b/session.c @@ -871,7 +871,12 @@ do_setup_env(Session *s, const char *shell) * needed for loading shared libraries. So the path better * remains intact here. */ +# ifdef SUPERUSER_PATH + child_set_env(&env, &envsize, "PATH", + s->pw->pw_uid == 0 ? SUPERUSER_PATH : _PATH_STDPATH); +# else child_set_env(&env, &envsize, "PATH", _PATH_STDPATH); +# endif /* SUPERUSER_PATH */ # endif /* HAVE_CYGWIN */ #endif /* HAVE_LOGIN_CAP */