What risk is X11Forward to a server?

Ed Phillips ed at UDel.Edu
Fri Oct 26 23:14:04 EST 2001


On Thu, 25 Oct 2001, Bob Proulx wrote:

> Date: Thu, 25 Oct 2001 16:49:25 -0600
> From: Bob Proulx <bob at proulx.com>
> To: Ed Phillips <ed at UDel.Edu>
> Cc: Jim Knoble <jmknoble at pobox.com>, openssh-unix-dev at mindrot.org,
>      Dave Dykstra <dwd at bell-labs.com>
> Subject: Re: What risk is X11Forward to a server?
>
> > That brings up a quick question I forgot...
> >
> > How do you change the compiled-in PATH that sshd uses by default?
>
> I don't think it is currently possible.  That is one thing that I have
> really needed/wanted with ssh.  The ability to set the PATH in the
> site sshd_config file.
>
> Traditionally the rsh command (as implemented on SysV systems such as
> hpux which is where my experience comes from) implements
> /usr/local/bin:/usr/bin:/bin, etc., the operative directory being
> /usr/local/bin.  But openssh does not.  Which means I always need to
> recompile with that path addition in order to make it compatible
> with rsh on our systems.  And that really makes sense.  I don't want
> to have to include the full path to a command in scripts.  But does
> not completely solve the problem because even that does not handle
> nonstandard path locations.

Yeah... and on Solaris there is the /etc/default/login PATH setting...
which login and other apps honor, but not sshd.  Maybe someone could make
sshd honor that in Solaris?  I'm not sure what that would entail but it
sounds easy in concept...

> I would really like to see /usr/local/bin/ added to the default build.
> But I realize that it is a system dependent value.  I don't think it
> is possible to implement a one size fits all value.  The best answer
> would probably be a way to configure this in the sshd_config file.  It
> is high on my wishlist.

Yes... the sshd_config file would be a good place for setting the default
PATH IMO.  It's something that you can distribute with stock values and
then customize it on particular systems.

	Ed

Ed Phillips <ed at udel.edu> University of Delaware (302) 831-6082
Systems Programmer III, Network and Systems Services
finger -l ed at polycut.nss.udel.edu for PGP public key



