[Bug 1346] PAM environment takes precedence over SendEnv

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Sat Dec 13 21:52:15 EST 2008


https://bugzilla.mindrot.org/show_bug.cgi?id=1346





--- Comment #12 from Damien Miller <djm at mindrot.org>  2008-12-13 21:52:13 ---
If locale-related environment variables were all that were handled by
SendEnv/PAM then there would be no argument - we would happily allow
SendEnv to take precedence. Unfortunately this is not the case and I
generally think that env variables specified by a security subsystem
(e.g. PAM) should "win". Given that an administrator must explicitly
enable AcceptEnv anyway, this doesn't seem too unreasonable.

As a workaround, you can "rename" the locale variables at the client.
E.g. by placing SSH_LANG=$LANG in your environment and SendEnv'ing
SSH_LANG instead of LANG. At the sshd end, your shell initialisation
can look for SSH_LANG and, if it is present, apply it - potentially
overriding anything set by the admin.

Finally, if I understand correctly, there is little standardisation of
the contents of LANG and LC_* so sending anything in them is bound to
be fragile.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list