vulnerabilities in scponly

Dries Schellekens gwyllion at
Wed Aug 21 19:36:37 EST 2002

On Tue, 20 Aug 2002, Derek D. Martin wrote:

> It certainly would be better and easier for the developers of such a
> shell if the OpenSSH developers would provide a way to ignore the
> user's environment completely.  Again, I'm surprised they have not
> done so.  Perhaps they do not realize the demand for system
> administrators to be able to provide this functionality?  I would
> offer to work on providing this functionality in OpenSSH, but when I
> posted to the developer's list concerning the availability of rssh and
> contributing it to the OpenSSH project, I only received a response
> from one person, who AFAIK is not an OpenSSH developer (though I
> originally thought he was).  Perhaps the OpenSSH team has no interest
> in providing this sort of functionality (this is how I have taken
> their lack of response).  That would be unfortunate for the many
> people who use OpenSSH and desire such functionality.  I've had a few
> ideas for extending rssh and improving security, but at this time it
> seems rather pointless.

PermitUserEnvironment was added 3 weeks ago.

More information about the openssh-unix-dev mailing list