Re: Security in a shell that starts ssh
On Tue, Jun 12, 2001 at 11:40:08PM +0200, Miquel Martín López <miquel@casal.upc.es> wrote:
> #include <stdio.h>
>
> main(){
> int i=0;
> char name[10];
>
> write(1,"Login as: ",10);
>
> while(i<10)
> {
> read(0,&name[i],1);
> if (name[i]=='\n') {name[i]='\0';i=100;}
> i++;
> }
> execlp("/usr/bin/ssh","ssh","foo.foo.es","-l",name,(char *)0);
> }
You will end up with an unterminated string for name if someone enters
more than 10 characters. Perhaps the following is better. Note that it's
untested and that I take no responsibility if it fires nuclear
missiles instead of behaving like you wanted. :)
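#include <stdio.h>
#include <string.h>   /* strlen */
#include <unistd.h>   /* execlp */

int main(void)
{
    char name[21];
    size_t len;

    printf("Login as: ");
    fflush(stdout);
    if (fgets(name, sizeof name, stdin)) {
        len = strlen(name);
        /* No trailing newline means the line did not fit in the buffer. */
        if (len == 0 || name[len - 1] != '\n')
            fprintf(stderr, "Username too long.\n");
        else {
            name[len - 1] = '\0';
            execlp("/usr/bin/ssh", "ssh", "-l", name, "foo.foo.es", (char *)0);
            perror("execlp");   /* only reached if exec failed */
        }
    }
    return 0;
}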
Oh, and notice you can use stdout, stdin and stderr instead of
numbers. Makes the whole thing somewhat more readable.
And finally: if you're using OpenSSH the -l loginname switch should be
placed before the hostname, so I've also changed that.
Enjoy,
Tim
--
Tim van Erven
tripudium@chello.nl
talerven@wins.uva.nl
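
Added example, not part of either message in this thread: a bounded version of the byte-at-a-time read loop that always NUL-terminates, drains an over-long line instead of leaving the excess on stdin, and checks the name before it reaches ssh. The names read_login, LOGIN_MAX and the status enum are hypothetical, and the 20-character limit and the allowed character set are assumed policy, not something the thread specifies.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#define LOGIN_MAX 20  /* assumed limit; matches the 21-byte buffer in the reply */
enum login_status { LOGIN_OK, LOGIN_EOF, LOGIN_TOO_LONG, LOGIN_INVALID };

/* Read one line from `in` into name[cap]: never writes past cap, always
 * NUL-terminates, and consumes an over-long line up to its newline. */
enum login_status read_login(FILE *in, char *name, size_t cap)
{
    size_t len = 0, i;
    int c, overflow = 0;
    if (cap < 2) return LOGIN_INVALID;
    while ((c = getc(in)) != EOF && c != '\n') {
        if (len + 1 < cap)
            name[len++] = (char)c;
        else
            overflow = 1;          /* keep draining, store nothing more */
    }
    name[len] = '\0';
    if (c == EOF && len == 0) return LOGIN_EOF;
    if (overflow) {
        name[0] = '\0';            /* never hand back a truncated name */
        return LOGIN_TOO_LONG;
    }
    /* Assumed policy: starts with a letter or digit, then [A-Za-z0-9._-].
     * memchr (not strchr) so an embedded NUL byte is rejected too. */
    if (len == 0 || !isalnum((unsigned char)name[0]))
        return LOGIN_INVALID;
    for (i = 1; i < len; i++)
        if (!isalnum((unsigned char)name[i]) && !memchr("._-", name[i], 3))
            return LOGIN_INVALID;
    return LOGIN_OK;
}

int main(void)
{
    char name[LOGIN_MAX + 1];
    fputs("Login as: ", stdout);
    fflush(stdout);
    if (read_login(stdin, name, sizeof name) != LOGIN_OK) {
        fputs("Invalid username.\n", stderr);
        return 1;
    }
    execlp("/usr/bin/ssh", "ssh", "-l", name, "foo.foo.es", (char *)0);
    perror("execlp");              /* only reached if exec failed */
    return 1;
}
```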