Skip to content
Permalink
Browse files Browse the repository at this point in the history
security fix for optional ADC (admin-defined command) feature
Thanks to Dylan Simon for catching it...
  • Loading branch information
sitaramc committed Feb 15, 2011
1 parent 9b5793f commit 4ce00ae
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions src/gl-auth-command
Expand Up @@ -154,6 +154,7 @@ die "server is in slave mode; you can only fetch\n"
if ($GL_ADC_PATH and -d $GL_ADC_PATH) {
my ($cmd, @args) = split ' ', $ENV{SSH_ORIGINAL_COMMAND};
if (-x "$GL_ADC_PATH/$cmd") {
die "I don't like $cmd\n" if $cmd =~ /\.\./;
# yes this is rather strict, sorry.
do { die "I don't like $_\n" unless $_ =~ $ADC_CMD_ARGS_PATT } for ($cmd, @args);
&log_it("$GL_ADC_PATH/$ENV{SSH_ORIGINAL_COMMAND}");
Expand Down

0 comments on commit 4ce00ae

Please sign in to comment.