[gvfs] sftp: Add "PermitLocalCommand no" to the OpenSSH commandline

From: Ross Lagerwall <rossl src gnome org>
To: commits-list gnome org
Cc:
Subject: [gvfs] sftp: Add "PermitLocalCommand no" to the OpenSSH commandline
Date: Fri, 15 Nov 2013 14:59:51 +0000 (UTC)

commit 100dbd9a53efc0dd18a6e0f9dc7083ed584ffbee
Author: Ross Lagerwall <rosslagerwall gmail com>
Date:   Thu Nov 14 16:50:46 2013 +0200

    sftp: Add "PermitLocalCommand no" to the OpenSSH commandline
    
    Add "PermitLocalCommand no" to the OpenSSH commandline to prevent
    user-configured commands running and interfering with the sftp session.
    This is what the OpenSSH sftp client does.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=639599

 daemon/gvfsbackendsftp.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)
---
diff --git a/daemon/gvfsbackendsftp.c b/daemon/gvfsbackendsftp.c
index 99bfd5a..23d5b00 100644
--- a/daemon/gvfsbackendsftp.c
+++ b/daemon/gvfsbackendsftp.c
@@ -435,6 +435,7 @@ setup_ssh_commandline (GVfsBackend *backend)
     {
       args[last_arg++] = g_strdup ("-oForwardX11 no");
       args[last_arg++] = g_strdup ("-oForwardAgent no");
+      args[last_arg++] = g_strdup ("-oPermitLocalCommand no");
       args[last_arg++] = g_strdup ("-oClearAllForwardings yes");
       args[last_arg++] = g_strdup ("-oProtocol 2");
       args[last_arg++] = g_strdup ("-oNoHostAuthenticationForLocalhost yes");

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]