PermitUserEnvironment

Daniel Allen drallen at cs.uwaterloo.ca
Sat Jul 17 07:26:30 EST 2010


Daniel Allen wrote on May 26 18:14:31 EST 2010:
 > Daniel Allen wrote on Fri Sep 4 23:46:12 EST 2009:
 > > Damien Miller wrote:
 > >
 > > > We could make PermitUserEnvironment accept a pattern-list to match
 > > > environment variables, while retaining "yes", "no", "true" and "false"
 > > > as their current meanings of allow/deny-all.
 > >
 > > [...]  The pattern-list would seem the more elegant approach for our
 > > use.
 >
 > I'd like to let you know that we're reviewing a patch which does just as
 > described, to accept a pattern for PermitUserEnvironment. It affects vars
 > defined in $HOME/.ssh/environment and authorized_keys. It
 > accepts a single pattern, which is used as a case-insensitive prefix for
 > allowed variables. I will send along the patch as soon as I've had a few
 > colleagues review it.

And here, at last, is the patch, which will go into production in the University
of Waterloo campus environment Real Soon Now.  Feedback welcome.

Note that while the patch refers to openssh-5.4p1, it patches cleanly
against 5.5p1 as well. (I'd love to see this make it into the next release!)

Thanks,
Daniel Allen
Computing Technology Specialist
Computer Science Computing Facility (CSCF)
David R. Cheriton School of Computer Science
University of Waterloo
(519) 888-4567 ext. 35448
drallen at uwaterloo dot ca
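
The prefix rule described in the quoted announcement, sketched as an added example: this is not the patch from the message (the attachment is not on this page) and not OpenSSH code. The function names, the sample file contents, and the choice to treat any value other than yes/no/true/false as the prefix are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical helper: may the user set variable `name` under `policy`? */
static int env_name_permitted(const char *policy, const char *name)
{
    size_t plen = strlen(policy);
    if (strcmp(policy, "yes") == 0 || strcmp(policy, "true") == 0)
        return 1;                       /* allow all, as before */
    if (strcmp(policy, "no") == 0 || strcmp(policy, "false") == 0)
        return 0;                       /* deny all, as before */
    /* Assumption: any other value is the single allowed prefix. */
    return plen > 0 && strncasecmp(name, policy, plen) == 0;
}

/* Scan NAME=value lines (the shape of $HOME/.ssh/environment), write the
 * accepted names to `out` as a comma-terminated list, return their count. */
static int filter_user_env(const char *policy, const char *text,
                           char *out, size_t outlen)
{
    int accepted = 0;
    out[0] = '\0';
    while (*text != '\0') {
        size_t linelen = strcspn(text, "\n");
        const char *eq = memchr(text, '=', linelen);
        size_t nlen = eq ? (size_t)(eq - text) : 0;
        char name[64];
        /* Skip comments, lines without '=', empty or oversized names. */
        if (text[0] != '#' && nlen > 0 && nlen < sizeof(name)) {
            memcpy(name, text, nlen);
            name[nlen] = '\0';
            if (env_name_permitted(policy, name) &&
                strlen(out) + nlen + 2 <= outlen) {
                strcat(out, name);
                strcat(out, ",");
                accepted++;
            }
        }
        text += linelen;
        if (*text == '\n')
            text++;
    }
    return accepted;
}

/* Constructed sample input, not taken from the message. */
static const char SAMPLE_ENV[] =
    "LC_ALL=en_CA.UTF-8\nlc_time=C\nLD_PRELOAD=/constructed/lib.so\nPATH=/home/u/bin\n";

int main(void)
{
    char names[128];
    int n = filter_user_env("LC_", SAMPLE_ENV, names, sizeof(names));
    printf("%d accepted: %s\n", n, names);
    return 0;
}
```

With the prefix `LC_`, the sample's `LD_PRELOAD` and `PATH` lines are dropped while `lc_time` is accepted, because the match ignores case.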


More information about the openssh-unix-dev mailing list