Ssh – Disabling command substitution in shell

Tags: bash, mercurial, ssh

I have an ssh box that runs Subversion and Mercurial services. On connection to this box, a script verifies that the user is only running mercurial or svn related commands:

    #!/bin/bash
    #
    # Verify that the requested command is an svnserve call.
    #
    # Note that sshd stores the command requested by the client in
    # the variable "SSH_ORIGINAL_COMMAND".

    echo $SSH_ORIGINAL_COMMAND | grep -E '^hg -R'
    ISHG=$?

    if [[ $SSH_ORIGINAL_COMMAND = "svnserve -t" || $ISHG -eq 0 ]]
    then
            exec $SSH_ORIGINAL_COMMAND
    else
            echo "You are only allowed svn access to this server."
    fi

The problem is, hg verification is not very clean or secure. If I include backticks in my remote ssh command, the "echo $SSH_ORIGINAL_COMMAND" line will happily execute it. Does anyone have any suggestions for cleaning this up a little bit?

Thanks!

Best Answer

Yeah. Don't use shell for that. Write a program in a language that would allow you to make sure that the only binaries it's going to execute are white-listed.
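The approach this answer suggests, as an added example that is not part of the original answer: a Python forced-command wrapper that tokenizes `SSH_ORIGINAL_COMMAND`, matches it against a fixed allow-list, and executes the result without a shell. The binary paths, `REPO_ROOT`, and the requirement that Mercurial requests have the exact form `hg -R <repo> serve --stdio` are assumptions.

```python
#!/usr/bin/env python3
"""Forced-command wrapper: run only allow-listed svnserve/hg server commands."""
import os
import shlex
import sys

# Assumed install locations and repository root; adjust for the host.
SVNSERVE = "/usr/bin/svnserve"
HG = "/usr/bin/hg"
REPO_ROOT = "/srv/hg"
ROOT = os.path.realpath(REPO_ROOT)


def build_argv(original_command):
    """Return the exact argv to execute, or None if the request is refused."""
    try:
        words = shlex.split(original_command or "")
    except ValueError:  # unbalanced quotes in the client's request
        return None
    if words == ["svnserve", "-t"]:
        return [SVNSERVE, "-t"]
    # Assumed shape of a Mercurial-over-ssh request: hg -R <repo> serve --stdio
    if len(words) == 5 and words[:2] == ["hg", "-R"] and words[3:] == ["serve", "--stdio"]:
        # Joining onto ROOT makes the argument an absolute path, so it can
        # never be parsed as an option; realpath collapses ".." and symlinks.
        repo = os.path.realpath(os.path.join(ROOT, words[2]))
        if repo.startswith(ROOT + os.sep):
            return [HG, "-R", repo, "serve", "--stdio"]
    return None


def main():
    argv = build_argv(os.environ.get("SSH_ORIGINAL_COMMAND"))
    if argv is None:
        sys.stderr.write("You are only allowed svn or hg access to this server.\n")
        return 1
    # execv passes argv straight to the binary: backticks, ';' and '$( )'
    # are plain bytes here because no shell ever parses them.
    os.execv(argv[0], argv)


if __name__ == "__main__":
    sys.exit(main())
```

Set the wrapper as the forced command for the account, for example with `command="..."` in `authorized_keys` or `ForceCommand` in `sshd_config`.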