vulnerabilities in scponly
Dries Schellekens
gwyllion at ace.ulyssis.org
Wed Aug 21 19:36:37 EST 2002
On Tue, 20 Aug 2002, Derek D. Martin wrote:
> It certainly would be better and easier for the developers of such a
> shell if the OpenSSH developers would provide a way to ignore the
> user's environment completely. Again, I'm surprised they have not
> done so. Perhaps they do not realize the demand for system
> administrators to be able to provide this functionality? I would
> offer to work on providing this functionality in OpenSSH, but when I
> posted to the developer's list concerning the availability of rssh and
> contributing it to the OpenSSH project, I only received a response
> from one person, who AFAIK is not an OpenSSH developer (though I
> originally thought he was). Perhaps the OpenSSH team has no interest
> in providing this sort of functionality (this is how I have taken
> their lack of response). That would be unfortunate for the many
> people who use OpenSSH and desire such functionality. I've had a few
> ideas for extending rssh and improving security, but at this time it
> seems rather pointless.
PermitUserEnvironment was added 3 weeks ago.
More information about the openssh-unix-dev
mailing list