/bin/cvssh is in gforge-common 5.1.1-2.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 | #! /usr/bin/perl -w
#
# "Shell" for a restricted account, limiting the available commands
# Roland Mas, debian-sf (Sourceforge for Debian)
#
# Inspired from the grap.c file in Sourceforge 2.5
use strict ;
use vars qw/ @allowed_options @allowed_commands $errmsg @cmd / ;
use subs qw/ &reject / ;
no locale ;
use Text::ParseWords;
@allowed_options = ('-c', '-e') ;
@allowed_commands = ('cvs','scp','/usr/lib/openssh/sftp-server','svnserve','bzr','git-upload-pack','git-receive-pack','git-upload-archive') ;
# Clean up our environment
delete @ENV{qw(IFS CDPATH ENV BASH_ENV PATH)};
if ($#ARGV != 1) {
if ($#ARGV < 1) {
$errmsg = "Not enough arguments." ;
} else {
$errmsg = "Too many arguments." ;
}
&reject ;
}
if (scalar (grep { $_ eq $ARGV[0] } @allowed_options) == 0) {
$errmsg = "Option not allowed." ;
&reject ;
}
@cmd = shellwords ($ARGV[1]) ;
if ($#cmd < 0) {
$errmsg = "Command not allowed." ;
&reject ;
}
if (scalar (grep { $_ eq $cmd[0] } @allowed_commands) == 0) {
$errmsg = "Command not allowed." ;
&reject ;
}
exec @cmd ;
sub reject {
print "This is a restricted account.\n" .
"You cannot execute anything here.\n" .
# $errmsg . "\n" .
"Goodbye.\n" ;
exit 1 ;
}
|