PermitUserEnvironment in sshd match block?
Daniel Allen
drallen at cs.uwaterloo.ca
Fri Sep 4 23:46:12 EST 2009
Daniel Allen wrote:
> Would the best answer be a patch that adds PermitUserEnvironment
support
> inside match blocks?
Darren Tucker wrote:
> The approach to adding things to Match has been on a case by case
basis,
> checking if the thing is a) useful and b) safe. It's a lot easier to
> evaluate these thing one at a time than in a large batch of them.
Damien Miller wrote:
> We could make PermitUserEnvironment accept a pattern-list to match
> environment variables, while retaining "yes", "no", "true" and
"false"
> as their current meanings of allow/deny-all.
Both (or either) of these options would meet our current needs very
well. The pattern-list would seem the more elegant approach for our
use. I am sorry that I don't have the wherewithal to submit a patch
now, though if it helps things along I'd be happy to submit a bugzilla
request. Or not, if you prefer.
Thanks for your work,
Daniel Allen
Computing Technology Specialist
Computer Science Computing Facility (CSCF)
David R. Cheriton School of Computer Science
University of Waterloo
(519) 888-4567 ext. 35448
drallen at uwaterloo dot ca
More information about the openssh-unix-dev
mailing list