From e93d9ff305f469fff5328ce0f4bdb8b4e5d8182e Mon Sep 17 00:00:00 2001 From: Simon Tatham Date: Sun, 31 Mar 2019 22:09:54 +0100 Subject: [PATCH] Uppity: clear some key environment vars in subprocesses. My helper scripts for invoking Uppity have been manually unsetting things like XAUTHORITY and SSH_AUTH_SOCK, to avoid accidentally passing them through from my primary login session, so that I don't get confused about whether agent forwarding is happening, or end up with one DISPLAY going with a different XAUTHORITY. Now I clear these within Uppity itself, so the wrapping script won't have to. --- sesschan.c | 17 ++++++++++++++++- sshserver.h | 3 ++- unix/uxpty.c | 10 ++++++++-- 3 files changed, 26 insertions(+), 4 deletions(-) diff --git a/sesschan.c b/sesschan.c index 39e7f7fd..84007644 100644 --- a/sesschan.c +++ b/sesschan.c @@ -280,9 +280,24 @@ static void sesschan_set_input_wanted(Channel *chan, bool wanted) static void sesschan_start_backend(sesschan *sess, const char *cmd) { + /* + * List of environment variables that we should not pass through + * from the login session Uppity was run in (which, it being a + * test server, there will usually be one of). These variables + * will be set as part of X or agent forwarding, and shouldn't be + * confusingly set in the absence of that. + * + * (DISPLAY must also be cleared, but uxpty.c will do that anyway + * when our get_x_display method returns NULL.) + */ + static const char *const env_to_unset[] = { + "XAUTHORITY", "SSH_AUTH_SOCK", "SSH_AGENT_PID", + NULL /* terminator */ + }; + sess->backend = pty_backend_create( &sess->seat, sess->child_logctx, sess->conf, NULL, cmd, - sess->ttymodes, !sess->want_pty); + sess->ttymodes, !sess->want_pty, env_to_unset); backend_size(sess->backend, sess->wc, sess->hc); } diff --git a/sshserver.h b/sshserver.h index 6d6d14ef..1f0be6e7 100644 --- a/sshserver.h +++ b/sshserver.h @@ -102,7 +102,8 @@ Channel *sesschan_new(SshChannel *c, LogContext *logctx, Backend *pty_backend_create( Seat *seat, LogContext *logctx, Conf *conf, char **argv, const char *cmd, - struct ssh_ttymodes ttymodes, bool pipes_instead_of_pty); + struct ssh_ttymodes ttymodes, bool pipes_instead_of_pty, + const char *const *env_vars_to_unset); int pty_backend_exit_signum(Backend *be); ptrlen pty_backend_exit_signame(Backend *be, char **aux_msg); diff --git a/unix/uxpty.c b/unix/uxpty.c index 2f182b43..437eba49 100644 --- a/unix/uxpty.c +++ b/unix/uxpty.c @@ -857,7 +857,8 @@ static void copy_ttymodes_into_termios( */ Backend *pty_backend_create( Seat *seat, LogContext *logctx, Conf *conf, char **argv, const char *cmd, - struct ssh_ttymodes ttymodes, bool pipes_instead) + struct ssh_ttymodes ttymodes, bool pipes_instead, + const char *const *env_vars_to_unset) { int slavefd; pid_t pid, pgrp; @@ -1088,6 +1089,11 @@ Backend *pty_backend_create( close(ptyfd); } setpgid(pgrp, pgrp); + + if (env_vars_to_unset) + for (const char *const *p = env_vars_to_unset; *p; p++) + unsetenv(*p); + if (!pipes_instead) { char *term_env_var = dupprintf("TERM=%s", conf_get_str(conf, CONF_termtype)); @@ -1268,7 +1274,7 @@ static const char *pty_init(Seat *seat, Backend **backend_handle, cmd = pty_argv[0]; *backend_handle= pty_backend_create( - seat, logctx, conf, pty_argv, cmd, modes, false); + seat, logctx, conf, pty_argv, cmd, modes, false, NULL); *realhost = dupstr(""); return NULL; }