5.0 vs 5.1 remote command execution

Kaizaad Bilimorya kaizaad at sharcnet.ca
Sat Jan 24 01:20:01 EST 2009 

For reference: An explanation of this behaviour.

https://bugzilla.mindrot.org/show_bug.cgi?id=1549

-k

On Fri, 19 Dec 2008, Kaizaad Bilimorya wrote:

> Anybody have any ideas on how to revert to the 5.0p1 behaviour?
>
> On Thu, 11 Dec 2008, Kaizaad Bilimorya wrote:
>> Hello,
>>
>> I am experiencing some strange behaviour that I am hoping someone can
>> shed some light on.
>>
>> OS and kernel:
>> Red Hat Enterprise Linux AS release 4 (Nahant Update 5)
>> Linux host135 2.6.9-67.9hp.7sp.XCsmp #1 SMP Thu Jul 3 18:55:59 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux
>>
>>
>> built both openssh-5.0p1 and openssh-5.1p1 with the following options:
>> ./configure --prefix=/usr --libexecdir=/usr/libexec/openssh --localstatedir=/var/empty/sshd \
>> --sysconfdir=/etc/ssh --with-pam --with-md5-passwords --with-zlib=/home/XXX/software/zlib-1.2.3 \
>> --with-tcp-wrappers
>>
>>
>> With everything else being identical and just swapping the sshd binaries,
>> I noticed the following:
>>
>> # ssh -v host135
>> debug1: match: OpenSSH_5.0 pat OpenSSH*
>> ...snip
>> # ssh host135 'echo $PATH'
>> /opt/octave/current:/opt/mpiblast/current/bin:/opt/lammps/current/bin:/opt/dlpoly/current/execute:
>> ...snip
>>
>> # ssh -v host135
>> debug1: match: OpenSSH_5.1 pat OpenSSH*
>> ...snip
>> # ssh host135 'echo $PATH'
>> /usr/bin:/bin:/usr/sbin:/sbin
>>
>>
>> According to the docs, the behaviour exhibited by v5.1 is correct, remote
>> command execution should not process the user's login shell and env. But
>> why was this happening in v5.0? I can't find anything in the 5.1 change
>> log that explains this change in behaviour.
>>
>> thanks
>> -k
>> _______________________________________________
>> openssh-unix-dev mailing list
>> openssh-unix-dev at mindrot.org
>> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>

More information about the openssh-unix-dev mailing list