[Bug 131] Problems with sshd's compiled in default PATH.
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Sat Mar 2 05:42:18 EST 2002
http://bugzilla.mindrot.org/show_bug.cgi?id=131
------- Additional Comments From mouring at eviladmin.org 2002-03-02 05:42 -------
Two things.
1. --with-default-path will disable OpenSSH adding in the $PREFIX/bin (we
assume that since you are smart enough to set your own default path, you will
be smart enough to know where you are putting scp).
2. 'subsystems' vs 'remote exec'. Use the right terms if you are going to
argue for including a feature. Otherwise it makes you look like you've not
bothered to learn the product.
No, I still don't feel this is a security hole unless you are doing stupid
things like --with-prefix=/home/user/ while building your package. And if
you are then we can not do much stop you from doing stupid things. =)
And I have nothing against something called 'DefaultPATH'.. I do have something
against people shouting the sky is falling. As I said.. drop the 'It is a
security issue', provide a patch, and show
that /etc/profile, /etc/ssh/enviroment, etc are not valid generic solutions.
Relocatable packages are problematic at best depending on the web of
dependancies.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-unix-dev
mailing list