ssh/tailssh: replace incubator process with su instead of running su as child

This allows the SSH_AUTH_SOCK environment variable to work inside of
su and agent forwarding to succeed.

Fixes #12467

Signed-off-by: Percy Wegmann <percy@tailscale.com>
Percy Wegmann
2024-06-14 13:28:39 -05:00
committed by Percy Wegmann
parent 24976b5bfd
commit 730f0368d0
5 changed files with 202 additions and 51 deletions


@@ -400,8 +400,12 @@ func tryExecLogin(dlogf logger.Logf, ia incubatorArgs) error {
}
loginArgs := ia.loginArgs(loginCmdPath)
dlogf("logging in with %s %+v", loginCmdPath, loginArgs)
// replace the running process
return unix.Exec(loginCmdPath, loginArgs, os.Environ())
// If Exec works, the Go code will not proceed past this:
err = unix.Exec(loginCmdPath, loginArgs, os.Environ())
// If we made it here, Exec failed.
return err
}
// trySU attempts to start a login shell using su. If su is available and
@@ -438,8 +442,12 @@ func trySU(dlogf logger.Logf, ia incubatorArgs) (handled bool, err error) {
}
dlogf("logging in with %s %q", su, loginArgs)
cmd := newCommand(ia.hasTTY, su, loginArgs)
return true, cmd.Run()
// If Exec works, the Go code will not proceed past this:
err = unix.Exec(su, loginArgs, os.Environ())
// If we made it here, Exec failed.
return true, err
}
// findSU attempts to find an su command which supports the -l and -c flags.
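Review bot: In trySU, `unix.Exec(su, loginArgs, os.Environ())` uses loginArgs as the complete argv, whereas the `newCommand(ia.hasTTY, su, loginArgs)` call it replaces presumably went through os/exec, which supplies the program path as argv[0] itself. loginArgs is built above this hunk, so confirm its first element is now the su path; otherwise su would take its first flag as its own name. The same call hands the incubator's entire environment to su, which is what lets SSH_AUTH_SOCK through, but which other variables survive then depends on su's own flags, so a short comment naming the variables expected to reach the user's shell would make that boundary reviewable. Because a non-nil err now only means the exec itself failed, the doc comment on trySU (it begins in the trailing context of the previous hunk) should say so, e.g. `// On success trySU does not return: the incubator process is replaced by su.`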