mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-15 12:54:27 +00:00
535af610a4
Excerpts from the release notes: * ssh-agent(1): PKCS#11 modules must now be specified by their full paths. Previously dlopen(3) could search for them in system library directories. * ssh(1): allow forwarding Unix Domain sockets via ssh -W. * ssh(1): add support for configuration tags to ssh(1). This adds a ssh_config(5) "Tag" directive and corresponding "Match tag" predicate that may be used to select blocks of configuration similar to the pf.conf(5) keywords of the same name. * ssh(1): add a "match localnetwork" predicate. This allows matching on the addresses of available network interfaces and may be used to vary the effective client configuration based on network location. * ssh-agent(1): improve isolation between loaded PKCS#11 modules by running separate ssh-pkcs11-helpers for each loaded provider. * ssh-agent(1), ssh(1): improve defences against invalid PKCS#11 modules being loaded by checking that the requested module contains the required symbol before loading it. * ssh(1): don't incorrectly disable hostname canonicalization when CanonicalizeHostname=yes and ProxyJump was expicitly set to "none". bz3567 Full release notes at https://www.openssh.com/txt/release-9.4 Relnotes: Yes Sponsored by: The FreeBSD Foundation
68 lines
1.4 KiB
Bash
68 lines
1.4 KiB
Bash
# $OpenBSD: agent-ptrace.sh,v 1.5 2022/04/22 05:08:43 anton Exp $
|
|
# Placed in the Public Domain.
|
|
|
|
tid="disallow agent ptrace attach"
|
|
|
|
if have_prog uname ; then
|
|
case `uname` in
|
|
AIX|CYGWIN*|OSF1)
|
|
echo "skipped (not supported on this platform)"
|
|
exit 0
|
|
;;
|
|
esac
|
|
fi
|
|
|
|
if [ "x$USER" = "xroot" ]; then
|
|
echo "Skipped: running as root"
|
|
exit 0
|
|
fi
|
|
|
|
if have_prog gdb ; then
|
|
: ok
|
|
else
|
|
echo "skipped (gdb not found)"
|
|
exit 0
|
|
fi
|
|
|
|
if $OBJ/setuid-allowed ${SSHAGENT} ; then
|
|
: ok
|
|
else
|
|
echo "skipped (${SSHAGENT} is mounted on a no-setuid filesystem)"
|
|
exit 0
|
|
fi
|
|
|
|
if test -z "$SUDO" ; then
|
|
echo "skipped (SUDO not set)"
|
|
exit 0
|
|
else
|
|
$SUDO chown 0 ${SSHAGENT}
|
|
$SUDO chgrp 0 ${SSHAGENT}
|
|
$SUDO chmod 2755 ${SSHAGENT}
|
|
trap "$SUDO chown ${USER} ${SSHAGENT}; $SUDO chmod 755 ${SSHAGENT}" 0
|
|
fi
|
|
|
|
trace "start agent"
|
|
eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s` > /dev/null
|
|
r=$?
|
|
if [ $r -ne 0 ]; then
|
|
fail "could not start ssh-agent: exit code $r"
|
|
else
|
|
# ls -l ${SSH_AUTH_SOCK}
|
|
gdb ${SSHAGENT} ${SSH_AGENT_PID} > ${OBJ}/gdb.out 2>&1 << EOF
|
|
quit
|
|
EOF
|
|
r=$?
|
|
if [ $r -ne 0 ]; then
|
|
fail "gdb failed: exit code $r"
|
|
fi
|
|
egrep 'Operation not permitted.|Permission denied.|Invalid argument.|Unable to access task|Inappropriate ioctl for device.' >/dev/null ${OBJ}/gdb.out
|
|
r=$?
|
|
rm -f ${OBJ}/gdb.out
|
|
if [ $r -ne 0 ]; then
|
|
fail "ptrace succeeded?: exit code $r"
|
|
fi
|
|
|
|
trace "kill agent"
|
|
${SSHAGENT} -k > /dev/null
|
|
fi
|