[Bug 131] Problems with sshd's compiled in default PATH.

bugzilla-daemon at mindrot.org
Sat Mar 2 03:03:51 EST 2002


http://bugzilla.mindrot.org/show_bug.cgi?id=131





------- Additional Comments From smithj9870 at yahoo.com  2002-03-02 03:03 -------
About the shell initialization files:  I MUST strongly disagree with this
statement from both a security and system administration point of view.  Your
solution does not change the fact that the potentially dangerous/insecure path
is still compiled into the sshd binary, plus it is the responsibility of the ssh
subsystem to configure itself properly.  This path is required by the ssh daemon
so it can find its scp program; it should NOT be up to the sys admin to modify
every possible shell config file to fix this potential problem and security
hole.  Also, editing one config file is much simpler than editing at least two
(and maybe more) shell config files.  Since sshd makes the requirement that it
has to be able to find its scp program, it should be up to the ssh subsystem to
solve the problem and not leave it to shell config files.  I find your suggested
solution totally unacceptable and ask that you think about this problem a little
more.

About /etc/ssh/environment:  I did not see this mentioned in the ssh
documentation/man pages, only the $HOME/.ssh/environment file.  Will this always
be read even if the user has the corresponding file in their home directory and
will it override the PATH setting compiled into the sshd binary?

~Jason




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.


