any concerns about including TZ in AcceptEnv
Damien Miller
djm at mindrot.org
Wed Jun 11 16:54:42 EST 2014
On Tue, 10 Jun 2014, Daniel Kahn Gillmor wrote:
> Hi OpenSSH folks--
>
> this is more of a configuration question than a development question, i
> think, but:
>
> Are there any caveats worth being aware of about including the TZ
> variable in AcceptEnv for sshd_config by default?
>
> I don't see any particular risk, but if there are gotchas people know
> about, i'd be happy to be made aware of them.
some libc accept full paths to TZ files, so if you have any sort of restricted
environment then you'd be trusting the TZ parser there.
More information about the openssh-unix-dev
mailing list