[Bug 2050] Support XDG basedir specification

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Dec 15 00:51:38 AEDT 2020


https://bugzilla.mindrot.org/show_bug.cgi?id=2050

--- Comment #17 from Dmitry V. Levin <ldv at altlinux.org> ---
(In reply to Drew DeVault from comment #16)
> (In reply to Dmitry V. Levin from comment #15)
> > Adding support for an extra place where to look for security
> > sensitive information would introduce a major security risk,
> > therefore openssh should not change its default behavior in this
> > respect.  If it ever changed, we downstream maintainers would
> > certainly patch it out.
> 
> And how exactly does it pose a major security risk?

The risk is that sensitive data would be accessed from a less secure
location than ~/.ssh/.  I saw setups where ~/ and ~/.ssh/ directories
were out of user control, these setups would break.

You're talking about defaults, they shouldn't change this way.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list