[Bug 1800] New: PermitUserEnvironment accepting pattern of allowed userenv variables
bugzilla-daemon at bugzilla.mindrot.org
Sun Jul 18 14:18:42 EST 2010
https://bugzilla.mindrot.org/show_bug.cgi?id=1800
Summary: PermitUserEnvironment accepting pattern of allowed userenv variables
Product: Portable OpenSSH
Version: 5.5p1
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: dada.da+mindrot at gmail.com
Created attachment 1901
--> https://bugzilla.mindrot.org/attachment.cgi?id=1901
diff for patching 5.5p1 and 5.4p1

"PermitUserEnvironment=Yes" security risks could be mitigated by
allowing sshd to allow selected user-environment variables. I have
written a patch which allows sshd configuration to specify:
"PermitUserEnvironment=VAR"

This passes user environment variables (from $USER/.ssh/environment
and/or $USER/.ssh/authorized_keys) starting with VAR, ignoring all
other environment variables not previously copied by sshd.

The default option for PermitUserEnvironment is unchanged; it still
defaults to "No".

As a second effect, if PermitUserEnvironment is set to the default
"No", but an "environment=" option is specified in authorized_keys, the
key is no longer rejected with a "Bad options in file" error, but
instead silently ignores the "environment=" option, which is similar to
the behaviour of other options such as "permitopen=".
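
The filtering this report describes, modelled as an added example; it is not the attached patch and not OpenSSH code. All names are hypothetical, the sample lines are constructed, and it assumes VAR is matched as a literal, case-sensitive prefix of the variable name.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical names throughout: a model of the proposal, not the patch. */
enum env_mode { ENV_DENY, ENV_ALLOW_ALL, ENV_ALLOW_PREFIX };
struct env_policy { enum env_mode mode; const char *prefix; };

/* Map a PermitUserEnvironment value to a policy (case-insensitive yes/no is assumed). */
static struct env_policy parse_policy(const char *value)
{
    struct env_policy p = { ENV_ALLOW_PREFIX, value };
    if (strcasecmp(value, "no") == 0) p.mode = ENV_DENY;
    if (strcasecmp(value, "yes") == 0) p.mode = ENV_ALLOW_ALL;
    return p;
}

/* Return 1 if a "NAME=value" line may enter the session environment.
 * In prefix mode the match must lie inside NAME, never across the '='. */
static int env_line_permitted(const struct env_policy *p, const char *line)
{
    const char *eq = strchr(line, '=');
    if (eq == NULL || eq == line) return 0;   /* no '=' or empty name */
    if (p->mode != ENV_ALLOW_PREFIX) return p->mode == ENV_ALLOW_ALL;
    size_t plen = strlen(p->prefix);
    return plen > 0 && (size_t)(eq - line) >= plen && !strncmp(line, p->prefix, plen);
}

/* Constructed sample of user environment lines, the last one malformed. */
static const char *const SAMPLE[] = {
    "MYAPP_MODE=batch", "MYAPP_REGION=eu", "LD_PRELOAD=/home/user/lib/hook.so",
    "PATH=/home/user/bin", "MYAPP_"
};

/* Count how many sample lines a given setting would let through. */
static int count_permitted(const char *setting)
{
    struct env_policy p = parse_policy(setting);
    int n = 0;
    for (size_t i = 0; i < sizeof(SAMPLE) / sizeof(SAMPLE[0]); i++)
        n += env_line_permitted(&p, SAMPLE[i]);
    return n;
}

int main(void)
{
    const char *settings[] = { "no", "yes", "MYAPP_" };
    for (int i = 0; i < 3; i++)
        printf("%s: %d permitted\n", settings[i], count_permitted(settings[i]));
    return 0;
}
```

With the prefix setting only the two MYAPP_ variables pass; LD_PRELOAD and PATH, which "yes" would accept, are dropped.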