Daniel Allen drallen at
Sat Jul 17 07:26:30 EST 2010

Daniel Allen wrote on May 26 18:14:31 EST 2010:
 > Daniel Allen wrote on Fri Sep 4 23:46:12 EST 2009:
 > > Damien Miller wrote:
 > >
 > > > We could make PermitUserEnvironment accept a pattern-list to  
 > > > environment variables, while retaining "yes", "no", "true" and   
 > > > as their current meanings of allow/deny-all.
 > >
 > > [...]  The pattern-list would seem the more elegant approach for  
 > > use.
 > I'd like to let you know that we're reviewing a patch which does  
just as
 > described, to accept a pattern for PermitUserEnvironment. It  
affects vars
 > defined in $HOME/.ssh/environment and authorized_keys. It
 > accepts a single pattern, which is used as a case-insensitive  
prefix for
 > allowed variables. I will send along the patch as soon as I've had  
a few
 > colleagues review it.

And here, at last, is the patch, which will go into production in the  
of Waterloo campus environment Real Soon Now.  Feedback welcome.

Note that while the patch refers to openssh-5.4p1, it patches cleanly
against 5.5p1 as well. (I'd love to see this make it into the next  

Daniel Allen
Computing Technology Specialist
Computer Science Computing Facility (CSCF)
David R. Cheriton School of Computer Science
University of Waterloo
(519) 888-4567 ext. 35448
drallen at uwaterloo dot ca

-------------- next part --------------

More information about the openssh-unix-dev mailing list