[Bug 131] Problems with sshd's compiled in default PATH.

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sat Mar 2 09:32:24 EST 2002


------- Additional Comments From smithj9870 at yahoo.com  2002-03-02 09:32 -------
> % grep _PATH_DEFPATH /usr/include/paths.h 
> #define _PATH_DEFPATH  
> "/usr/bin:/bin:/usr/sbin:/sbin:/usr/X11R6/bin:/usr/local/bin"
> i don't see why it's insecure to use this path.

Where did I ever mention _PATH_DEFPATH?  Your point here is completely
irrelevent to what I was talking about.

> "the simplest and correct solution is to have a config option
> that tells sshd where scp is"
> that's very wrong.  sshd should not know about scp at all.
> it has nothing to do with scp.

If sshd is going to execute scp on behalf of the user because of a remote scp
command, then you are wrong, it should know exactly what it is executing and
from where.  It should NOT rely on the user to have setup their path correctly. 
If you are talking about an interactive shell then you are correct.  But these
are two completely different cases!

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the openssh-unix-dev mailing list