From 3545384987968be58c1f6847dc0baf54b7783514 Mon Sep 17 00:00:00 2001 From: mouring Date: Tue, 20 Aug 2002 18:54:20 +0000 Subject: [PATCH] - stevesk@cvs.openbsd.org 2002/08/12 17:30:35 [ssh.1 sshd.8 sshd_config.5] more PermitUserEnvironment; ok markus@ --- ChangeLog | 3 +++ ssh.1 | 6 +++--- sshd.8 | 14 +++++++++++--- sshd_config.5 | 15 +++++++-------- 4 files changed, 24 insertions(+), 14 deletions(-) diff --git a/ChangeLog b/ChangeLog index 75830067..3e2b034d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -30,6 +30,9 @@ - stevesk@cvs.openbsd.org 2002/08/09 17:41:12 [sshd_config.5] proxy vs. fake display + - stevesk@cvs.openbsd.org 2002/08/12 17:30:35 + [ssh.1 sshd.8 sshd_config.5] + more PermitUserEnvironment; ok markus@ 20020813 - (tim) [configure.ac] Display OpenSSL header/library version. diff --git a/ssh.1 b/ssh.1 index 00ebdd4d..403c6ad6 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.161 2002/08/02 16:00:07 marc Exp $ +.\" $OpenBSD: ssh.1,v 1.162 2002/08/12 17:30:35 stevesk Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -744,9 +744,9 @@ and adds lines of the format .Dq VARNAME=value to the environment if the file exists and if users are allowed to change their environment. -See +See the .Cm PermitUserEnvironment -in +option in .Xr sshd_config 5 . .Sh FILES .Bl -tag -width Ds diff --git a/sshd.8 b/sshd.8 index a098b43c..769c7422 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.187 2002/08/02 16:00:07 marc Exp $ +.\" $OpenBSD: sshd.8,v 1.188 2002/08/12 17:30:35 stevesk Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os 
@@ -351,9 +351,9 @@ Sets up basic environment. Reads .Pa $HOME/.ssh/environment if it exists and users are allowed to change their environment. -See +See the .Cm PermitUserEnvironment -in +option in .Xr sshd_config 5 . .It Changes to user's home directory. @@ -462,6 +462,10 @@ logging in using this key. Environment variables set this way override other default environment values. Multiple options of this type are permitted. +Environment processing is disabled by default and is +controlled via the +.Cm PermitUserEnvironment +option. This option is automatically disabled if .Cm UseLogin is enabled. @@ -702,6 +706,10 @@ It can only contain empty lines, comment lines (that start with and assignment lines of the form name=value. The file should be writable only by the user; it need not be readable by anyone else. +Environment processing is disabled by default and is +controlled via the +.Cm PermitUserEnvironment +option. .It Pa $HOME/.ssh/rc If this file exists, it is run with /bin/sh after reading the environment files but before starting the user's shell or command. diff --git a/sshd_config.5 b/sshd_config.5 index fcebbede..0c799bfe 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.8 2002/08/09 17:41:12 stevesk Exp $ +.\" $OpenBSD: sshd_config.5,v 1.9 2002/08/12 17:30:35 stevesk Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os 
@@ -468,18 +468,17 @@ root is not allowed to login. .It Cm PermitUserEnvironment Specifies whether .Pa ~/.ssh/environment -is read by -.Nm sshd -and whether +and .Cm environment= options in .Pa ~/.ssh/authorized_keys -files are permitted. +are processed by +.Nm sshd . The default is .Dq no . -This option is useful for locked-down installations where -.Ev LD_PRELOAD -and suchlike can cause security problems. +Enabling environment processing may enable users to bypass access +restrictions in some configurations using mechanisms such as +.Ev LD_PRELOAD . .It Cm PidFile Specifies the file that contains the process ID of the .Nm sshd -- 2.45.1
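Review bot: in ssh.1, hunk @@ -744,9 +744,9, the reworded cross-reference still does not say that environment processing is off by default, although the two sshd.8 hunks in this patch now state exactly that. A reader of ssh(1) alone sees "if users are allowed to change their environment" and has to follow the reference to learn that the file is ignored unless the administrator enables PermitUserEnvironment. Suggest adding the same "disabled by default" sentence here, or a short clause such as "(disabled by default)" before the reference.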
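Review bot: in sshd.8, hunk @@ -462,6 +462,10, the inserted sentence makes the following context line ambiguous. Before the change, "This option is automatically disabled if UseLogin is enabled" clearly referred to the environment= key option being described; now it directly follows "controlled via the PermitUserEnvironment option." and reads as if PermitUserEnvironment itself is disabled by UseLogin. Suggest moving the new sentence after the UseLogin sentence, or rewording the context line to name the option explicitly, for example "The environment= option is automatically disabled if UseLogin is enabled."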
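Review bot: in sshd_config.5, hunk @@ -468,18 +468,17, the new warning sentence is weaker than it needs to be: "Enabling environment processing may enable users to bypass access restrictions in some configurations" repeats the verb and names neither the restrictions nor the configurations, whereas the removed text at least pointed at "locked-down installations". Suggest "may allow users to bypass" and, if it can be stated accurately, naming the kind of restriction an administrator should check before setting this to yes. A smaller point: the three manual pages now use three phrasings for the same thing ("users are allowed to change their environment", "Environment processing", "are processed by sshd"); picking one term and using it in all three would make the cross-references easier to follow.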