pass on sever process environment to child processes (option -e) (#118)

Roland Vollgraf 2021-08-19 17:13:41 +02:00 committed by GitHub
parent 846d38fe43
commit 2157d52352
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 21 additions and 6 deletions


@ -35,6 +35,11 @@ Don't fork into background.
.B \-E .B \-E
Log to standard error rather than syslog. Log to standard error rather than syslog.
.TP .TP
.B \-e
Pass on the server environment to all child processes. This is required, for example,
if dropbear is launched on the fly from a SLURM workload manager. The enviroment is not
passed by default. Note that this can be a potential security risk.
.TP
.B \-m .B \-m
Don't display the message of the day on login. Don't display the message of the day on login.
.TP .TP


@ -130,6 +130,8 @@ typedef struct svr_runopts {
char *pubkey_plugin_options; char *pubkey_plugin_options;
#endif #endif
int pass_on_env;
} svr_runopts; } svr_runopts;
extern svr_runopts svr_opts; extern svr_runopts svr_opts;


@ -943,19 +943,21 @@ static void execchild(const void *user_data) {
seedrandom(); seedrandom();
#endif #endif
/* clear environment */ /* clear environment if -e was not set */
/* if we're debugging using valgrind etc, we need to keep the LD_PRELOAD /* if we're debugging using valgrind etc, we need to keep the LD_PRELOAD
* etc. This is hazardous, so should only be used for debugging. */ * etc. This is hazardous, so should only be used for debugging. */
if ( !svr_opts.pass_on_env) {
#ifndef DEBUG_VALGRIND #ifndef DEBUG_VALGRIND
#ifdef HAVE_CLEARENV #ifdef HAVE_CLEARENV
clearenv(); clearenv();
#else /* don't HAVE_CLEARENV */ #else /* don't HAVE_CLEARENV */
/* Yay for posix. */ /* Yay for posix. */
if (environ) { if (environ) {
environ[0] = NULL; environ[0] = NULL;
} }
#endif /* HAVE_CLEARENV */ #endif /* HAVE_CLEARENV */
#endif /* DEBUG_VALGRIND */ #endif /* DEBUG_VALGRIND */
}
#if DROPBEAR_SVR_MULTIUSER #if DROPBEAR_SVR_MULTIUSER
/* We can only change uid/gid as root ... */ /* We can only change uid/gid as root ... */
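Review bot: The `if ( !svr_opts.pass_on_env)` guard skips the wipe entirely, so with `-e` every session child inherits the daemon's whole environment, including any credentials its launcher exported and loader variables such as `LD_PRELOAD`, and it does so ahead of the uid/gid switch that follows under `DROPBEAR_SVR_MULTIUSER`. That looks fine when the server and the session user are the same account (the SLURM case the man page names), but it is presumably not what an administrator wants from a root daemon serving other users. I would say so at the guard, for example `/* -e: child inherits the server's full environment (secrets, LD_*); only appropriate when server and session user are the same account */`. The existing valgrind comment now sits directly above the new `if` and reads as if it described `-e`; it belongs next to `#ifndef DEBUG_VALGRIND`. The body of execchild starts and ends outside this hunk.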


@ -64,6 +64,7 @@ static void printhelp(const char * progname) {
"-R Create hostkeys as required\n" "-R Create hostkeys as required\n"
#endif #endif
"-F Don't fork into background\n" "-F Don't fork into background\n"
"-e Pass on server process environment to child process\n"
#ifdef DISABLE_SYSLOG #ifdef DISABLE_SYSLOG
"(Syslog support not compiled in, using stderr)\n" "(Syslog support not compiled in, using stderr)\n"
#else #else
@ -173,6 +174,7 @@ void svr_getopts(int argc, char ** argv) {
svr_opts.pubkey_plugin = NULL; svr_opts.pubkey_plugin = NULL;
svr_opts.pubkey_plugin_options = NULL; svr_opts.pubkey_plugin_options = NULL;
#endif #endif
svr_opts.pass_on_env = 0;
#ifndef DISABLE_ZLIB #ifndef DISABLE_ZLIB
opts.compress_mode = DROPBEAR_COMPRESS_DELAYED; opts.compress_mode = DROPBEAR_COMPRESS_DELAYED;
@ -223,6 +225,10 @@ void svr_getopts(int argc, char ** argv) {
opts.usingsyslog = 0; opts.usingsyslog = 0;
break; break;
#endif #endif
case 'e':
svr_opts.pass_on_env = 1;
break;
#if DROPBEAR_SVR_LOCALTCPFWD #if DROPBEAR_SVR_LOCALTCPFWD
case 'j': case 'j':
svr_opts.nolocaltcp = 1; svr_opts.nolocaltcp = 1;
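Review bot: `case 'e'` sets `svr_opts.pass_on_env` without leaving any trace, although the man page in this same commit calls the option a potential security risk, so someone reading the logs cannot tell that sessions run with the inherited environment. A single line once parsing is done would cover it, e.g. `if (svr_opts.pass_on_env) dropbear_log(LOG_WARNING, "-e set: server environment is passed to child processes");`, assuming logging is usable at that point in svr_getopts. The help string says "child process" where the man page says "all child processes"; the two should match. The body of svr_getopts starts and ends outside these hunks.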