Phasing out forwarding of locale settings
Ingo Schwarze
schwarze at usta.de
Fri Sep 3 20:46:22 AEST 2021
Hi Florian,
Florian Weimer wrote on Fri, Sep 03, 2021 at 11:55:54AM +0200:
> Most distributions send locale environment variables by default:
>
> SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
> SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
> SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
> SendEnv XMODIFIERS
>
> And accept them on the server side:
>
> AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
> AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
> AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
> AcceptEnv XMODIFIERS
>
> (Some distributions also use LC_* wildcards.)
>
> Now that servers often use minimal installations which only support a
> small set of locales (C, C.UTF-8), would it make sense to discontinue
> this practice?
I think the question is moot. Fiddling with this is at best lipstick
on a pig. There is only one way to make remote shells safe, and
it is not specific to SSH. It requires that *both* of the following
necessary conditions be observed:
1. Make sure your xterm(1) is set to UTF-8 mode. Yes, using UTF-8
mode is critical even when you want to actually use US-ASCII only.
Traditional 8-bit mode cannot be made safe with any locale.
2. Make sure that on each side, either the POSIX locale or an UTF-8
locale is in use; it is not necessary that they match. Using any
other locale on either side is not safe.
See https://undeadly.org/cgi?action=article&sid=20160308204011
for details.
The situation with terminal emulators other than xterm(1) might be
even worse, but i suspect it is unlikely to be better.
Yours,
Ingo
More information about the openssh-unix-dev
mailing list