feature request: use HOME before getpwnam() in misc.c

matthew patton pattonme at yahoo.com
Fri May 19 07:51:04 AEST 2017

it's really^3 annoying that no matter the value of $HOME, that tilde_expand_filename() only looks at getpwnam() and friends instead of at least trying getenv("HOME").

What is the use case?

ssh -i ~/.ssh/key1

ssh -i ~/.ssh/key2

but getpwnam() defeats this by always accessing what's in the passwd file. So .ssh/known_hosts is likewise read/written outside of $HOME/.ssh/ and the config files too don't remain in local scope.

Sure 99% of users $HOME = pw->pw_dir, but there are a zillion programs that honor $HOME, so why doesn't the SSH client? Is the concern that SSHD obviously should get caught up honoring a problematic path when evaluating Authorized_Keys? Well then have a flag that forces just the use of getpwnam() for paths that are sensitive. Though frankly, I think this case can be narrowed further to just when euid=0 and should blithely use HOME when the daemon was launched by a user on a high port (eg. sshd -D -d).


More information about the openssh-unix-dev mailing list