[Bug 1504] New: Allow the user to change the environment in a secure way
bugzilla-daemon at bugzilla.mindrot.org
Wed Aug 13 23:41:10 EST 2008
https://bugzilla.mindrot.org/show_bug.cgi?id=1504
Summary: Allow the user to change the environment in a secure way
Product: Portable OpenSSH
Version: 5.1p1
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: vincent at vinc17.org

OpenSSH should have a way to allow the user to change the environment
in a secure way. Using .profile (or similar) is not a solution since
such rc files are not always sourced when a command is used, such as in

    ssh -t <host> env

with the official bash (not Debian's) on the remote side.

The ~/.ssh/environment solution cannot be used in practice since:

1. Values are hardcoded in the file (I have not tried, though, but
things like `program` are not documented, so I suppose that this isn't
possible).

2. PermitUserEnvironment is set to "no" by default, and would remain
"no" anyway if there are access restrictions (I wonder if this is
really useful though, because ~/.ssh/rc probably allows the user to do
much more).

So, I think that sshd should have an option to allow the user to set
the chosen remote shell independently of his login shell (which could
also be a wrapper to the login shell, that sets up the environment).
This is more or less a shorthand of: ssh ... "exec my_shell -lc ..."

Alternatively, make the ~/.ssh/environment mechanism more flexible (not
just "yes" or "no", and in some conditions, allow the user to run
programs such as LC_CTYPE=`command` -- but as the user can run programs
in his ~/.ssh/rc file, I don't think this is a problem here).
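
The two constraints listed in the report, modelled as an added example (not part of the report and not OpenSSH code): the file is only honoured when PermitUserEnvironment is "yes", and each value is the literal text after "=", so a backquoted command is never run. The function names and the sample files are constructed for illustration; the config parser is simplified to whitespace-separated arguments and does not evaluate Match blocks.

```shell
#!/bin/sh
# Added illustration: a model of the behaviour discussed above, not sshd's code.

# Effective global PermitUserEnvironment in an sshd_config file. Keywords are
# case-insensitive, the first occurrence wins, and the default is "no".
permit_user_env() {
    awk '
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permituserenvironment" { print tolower($2); found = 1; exit }
        END { if (!found) print "no" }
    ' "$1"
}

# Print the NAME=value lines of an environment file. Blank lines and "#"
# comments are skipped; everything after the first "=" is kept verbatim,
# so backquotes and $(...) stay as plain characters.
literal_env() {
    sed 's/^[[:space:]]*//' "$1" | while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) ;;
            *=*) printf '%s\n' "$line" ;;
            *)   printf 'bad line: %s\n' "$line" >&2 ;;
        esac
    done
}

# Variables a session would receive from the user's file under this model.
# $1 = sshd_config path, $2 = path of the user's environment file
session_env() {
    [ "$(permit_user_env "$1")" = yes ] || return 0
    [ -f "$2" ] && literal_env "$2"
    return 0
}

# Constructed sample input (not taken from the report).
demo() {
    d=$(mktemp -d) || return 1
    printf 'Port 22\nPermitUserEnvironment yes\n' > "$d/sshd_config"
    printf '# sample\nLC_CTYPE=`locale -a | head -n 1`\nEDITOR=vi\n' > "$d/environment"
    session_env "$d/sshd_config" "$d/environment"
    rm -rf "$d"
}
demo
```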