PermitUserEnvironment in sshd match block?

Daniel Allen drallen at cs.uwaterloo.ca
Fri Sep 4 23:46:12 EST 2009


Daniel Allen wrote:

 > Would the best answer be a patch that adds PermitUserEnvironment  
support
 > inside match blocks?

Darren Tucker wrote:

 > The approach to adding things to Match has been on a case by case  
basis,
 > checking if the thing is a) useful and b) safe.  It's a lot easier to
 > evaluate these thing one at a time than in a large batch of them.

Damien Miller wrote:

 > We could make PermitUserEnvironment accept a pattern-list to match
 > environment variables, while retaining "yes", "no", "true" and  
"false"
 > as their current meanings of allow/deny-all.

Both (or either) of these options would meet our current needs very  
well.  The pattern-list would seem the more elegant approach for our  
use.  I am sorry that I don't have the wherewithal to submit a patch  
now, though if it helps things along I'd be happy to submit a bugzilla  
request.  Or not, if you prefer.

Thanks for your work,
Daniel Allen

Computing Technology Specialist
Computer Science Computing Facility (CSCF)
David R. Cheriton School of Computer Science
University of Waterloo
(519) 888-4567 ext. 35448
drallen at uwaterloo dot ca



More information about the openssh-unix-dev mailing list