5.0 vs 5.1 remote command execution

Kaizaad Bilimorya kaizaad at sharcnet.ca
Fri Dec 12 03:58:01 EST 2008


I am experiencing some strange behaviour that I am hoping someone can 
shed some light on.

OS and kernel:
Red Hat Enterprise Linux AS release 4 (Nahant Update 5)
Linux host135 2.6.9-67.9hp.7sp.XCsmp #1 SMP Thu Jul 3 18:55:59 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux

Built both openssh-5.0p1 and openssh-5.1p1 with the following options:
./configure --prefix=/usr --libexecdir=/usr/libexec/openssh --localstatedir=/var/empty/sshd \
--sysconfdir=/etc/ssh --with-pam --with-md5-passwords --with-zlib=/home/XXX/software/zlib-1.2.3 \

With everything else being identical and just swapping the sshd binaries, 
I noticed the following:

# ssh -v host135
debug1: match: OpenSSH_5.0 pat OpenSSH*
# ssh host135 'echo $PATH'

# ssh -v host135
debug1: match: OpenSSH_5.1 pat OpenSSH*
# ssh host135 'echo $PATH'

According to the docs, the behaviour exhibited by v5.1 is correct: remote 
command execution should not process the user's login shell and env. But 
why was this happening in v5.0? I can't find anything in the 5.1 change 
log that explains this change in behaviour.


More information about the openssh-unix-dev mailing list