[Bug 815] RFE: sshd should be able to set environment variables defined by the client

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Mar 31 03:00:05 EST 2004


http://bugzilla.mindrot.org/show_bug.cgi?id=815





------- Additional Comments From roland.mainz at nrubsig.org  2004-03-31 03:00 -------
Damien Miller wrote:
> ssh gains an option "SendEnv", which specifies which environment variables may
> be sent. sshd gains "AllowEnv",

What about the explicit "reject" list?

> which controls what environment variables are
> accepted (I don't much like this option, it may go away in favour of a fixed
> list).

A hardcoded list may be bad. If someone finds a possible exploit via the
"env-var"-forwarding it may be a good idea to have a quick way for admins to
block the env var used for that.
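
Added example (not part of the original comment and not OpenSSH code): a sketch of the server-side check discussed above, where an admin-editable reject list overrides the accept list and anything unlisted is dropped. The function names and both pattern lists are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <fnmatch.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample policy; a real daemon would load both lists from its config. */
static const char *allow_patterns[]  = { "LANG", "LC_*", "TZ", NULL };
/* Admin-added blocks; LC_EXAMPLE_BLOCKED is a made-up name the allow list would pass. */
static const char *reject_patterns[] = { "LD_*", "LC_EXAMPLE_BLOCKED", NULL };

static int matches_any(const char *name, const char **patterns)
{
    for (size_t i = 0; patterns[i] != NULL; i++)
        if (fnmatch(patterns[i], name, 0) == 0)
            return 1;
    return 0;
}

/* Accept only [A-Za-z_][A-Za-z0-9_]*, so '=', spaces and control bytes never pass. */
static int valid_name(const char *name)
{
    if (!(isalpha((unsigned char)name[0]) || name[0] == '_'))
        return 0;
    for (size_t i = 1; name[i] != '\0'; i++)
        if (!(isalnum((unsigned char)name[i]) || name[i] == '_'))
            return 0;
    return 1;
}

/* Returns 1 if the client-sent variable may be set, 0 if it is dropped.
 * Order matters: syntax check, then reject list, then accept list (default deny). */
int env_allowed(const char *name)
{
    if (name == NULL || !valid_name(name))
        return 0;
    if (matches_any(name, reject_patterns))
        return 0;
    return matches_any(name, allow_patterns);
}

int main(void)
{
    const char *sent[] = { "LANG", "LC_ALL", "LD_PRELOAD", "LC_EXAMPLE_BLOCKED", "PATH" };
    for (size_t i = 0; i < sizeof(sent) / sizeof(sent[0]); i++)
        printf("%-20s %s\n", sent[i], env_allowed(sent[i]) ? "accept" : "drop");
    return 0;
}
```
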


