PermitUserEnvironment in sshd match block?

Daniel Allen drallen at
Fri Sep 4 23:46:12 EST 2009

Daniel Allen wrote:

 > Would the best answer be a patch that adds PermitUserEnvironment  
 > inside match blocks?

Darren Tucker wrote:

 > The approach to adding things to Match has been on a case by case  
 > checking if the thing is a) useful and b) safe.  It's a lot easier to
 > evaluate these thing one at a time than in a large batch of them.

Damien Miller wrote:

 > We could make PermitUserEnvironment accept a pattern-list to match
 > environment variables, while retaining "yes", "no", "true" and  
 > as their current meanings of allow/deny-all.

Both (or either) of these options would meet our current needs very  
well.  The pattern-list would seem the more elegant approach for our  
use.  I am sorry that I don't have the wherewithal to submit a patch  
now, though if it helps things along I'd be happy to submit a bugzilla  
request.  Or not, if you prefer.

Thanks for your work,
Daniel Allen

Computing Technology Specialist
Computer Science Computing Facility (CSCF)
David R. Cheriton School of Computer Science
University of Waterloo
(519) 888-4567 ext. 35448
drallen at uwaterloo dot ca

More information about the openssh-unix-dev mailing list