drallen at cs
Jul 16, 2010, 2:26 PM
Post #1 of 2
(228 views)
Permalink
|
|
Re: PermitUserEnvironment
|
|
Daniel Allen wrote on May 26 18:14:31 EST 2010:
> Daniel Allen wrote on Fri Sep 4 23:46:12 EST 2009:
> > Damien Miller wrote:
> >
> > > We could make PermitUserEnvironment accept a pattern-list to
match
> > > environment variables, while retaining "yes", "no", "true" and
"false"
> > > as their current meanings of allow/deny-all.
> >
> > [...] The pattern-list would seem the more elegant approach for
our
> > use.
>
> I'd like to let you know that we're reviewing a patch which does
just as
> described, to accept a pattern for PermitUserEnvironment. It
affects vars
> defined in $HOME/.ssh/environment and authorized_keys. It
> accepts a single pattern, which is used as a case-insensitive
prefix for
> allowed variables. I will send along the patch as soon as I've had
a few
> colleagues review it.
And here, at last, is the patch, which will go into production in the
University
of Waterloo campus environment Real Soon Now. Feedback welcome.
Note that while the patch refers to openssh-5.4p1, it patches cleanly
against 5.5p1 as well. (I'd love to see this make it into the next
release!)
Thanks,
Daniel Allen
Computing Technology Specialist
Computer Science Computing Facility (CSCF)
David R. Cheriton School of Computer Science
University of Waterloo
(519) 888-4567 ext. 35448
drallen at uwaterloo dot ca
|
