PermitUserEnvironment in sshd match block?

Damien Miller djm at mindrot.org
Thu Aug 27 03:10:40 EST 2009


On Wed, 26 Aug 2009, david knodel wrote:

> Hi, I just thought I might propose a mechanism that would decrease the
> security risks of enabling PermitUserEnvironment:
>
> If there were some way in the config file to limit what variables
> are allowed to be passed, this would let administrators tailor the
> permitted environment configuration to their O/S and organisation.

We could make PermitUserEnvironment accept a pattern-list to match
environment variables, while retaining "yes", "no", "true" and "false"
as their current meanings of allow/deny-all.

-d
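An added example, not code from OpenSSH or from either poster, of how the proposed setting could be evaluated against lines in the `NAME=value` form of `~/.ssh/environment`. The helper `permit_env_line` and the policy `LANG,LC_*,!LC_ALL` are hypothetical, and the pattern-list semantics (`*`, `?`, comma separation, `!` negation that always denies) are assumed to follow the PATTERNS section of ssh_config(5).

```c
#include <stdio.h>
#include <string.h>

/* Glob match of name [s, se) against pattern [p, pe): '*' = any run, '?' = one char. */
static int glob_match(const char *s, const char *se, const char *p, const char *pe)
{
    if (p == pe)
        return s == se;
    if (*p == '*')
        return glob_match(s, se, p + 1, pe) || (s != se && glob_match(s + 1, se, p, pe));
    return s != se && (*p == '?' || *p == *s) && glob_match(s + 1, se, p + 1, pe);
}

/* 1 if the name matches some pattern and no '!'-negated pattern, else 0. */
static int pattern_list_allows(const char *s, const char *se, const char *list)
{
    int allowed = 0;
    while (*list != '\0') {
        const char *end = list + strcspn(list, ",");
        if (*list == '!') {
            if (glob_match(s, se, list + 1, end))
                return 0;             /* a negated match always denies */
        } else if (end != list && glob_match(s, se, list, end))
            allowed = 1;
        list = end + (*end == ',');
    }
    return allowed;
}

/* Hypothetical helper: is one "NAME=value" line accepted under `setting`? */
int permit_env_line(const char *setting, const char *line)
{
    const char *eq = strchr(line, '=');
    if (eq == NULL || eq == line)
        return 0;                     /* not NAME=value: drop */
    if (!strcmp(setting, "yes") || !strcmp(setting, "true"))
        return 1;                     /* current meaning: allow all */
    if (!strcmp(setting, "no") || !strcmp(setting, "false"))
        return 0;                     /* current meaning: deny all */
    return pattern_list_allows(line, eq, setting);
}

int main(void)
{
    const char *policy = "LANG,LC_*,!LC_ALL", *lines[] = { /* constructed samples */
        "LANG=en_US.UTF-8", "LC_ALL=C", "LD_PRELOAD=/constructed/lib.so", NULL };
    for (const char **l = lines; *l != NULL; l++)
        printf("%-32s %s\n", *l, permit_env_line(policy, *l) ? "accept" : "drop");
    return 0;
}
```

Matching is anchored on the whole variable name, so a policy of `LANG` does not admit `LANGUAGE`, and anything not listed is dropped by default.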


More information about the openssh-unix-dev mailing list