[Bug 815] RFE: sshd should be able to set environment variables defined by the client
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Wed Mar 31 03:00:05 EST 2004
http://bugzilla.mindrot.org/show_bug.cgi?id=815
------- Additional Comments From roland.mainz at nrubsig.org 2004-03-31 03:00 -------
Damien Miller wrote:
> ssh gains an option "SendEnv", which specifies which environment variables may
> be sent. sshd gains "AllowEnv",
What about the explicit "reject" list ?
> which controls what environment variables are
> accepted (I don't much like this option, it may go away in favour of a fixed
> list).
A hardcoded list may be bad. If someone finds a possible exploit via the
"env-var"-forwarding it may be a good idea to have a quick way for admins to
block the env var used for that.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list