matthew patton
2017-May-18 21:51 UTC
feature request: use HOME before getpwnam() in misc.c
It's really^3 annoying that, no matter the value of $HOME,
tilde_expand_filename() only looks at getpwnam() and friends instead of at least
trying getenv("HOME").
What is the use case?
HOME=longpath_to_config1
ssh -i ~/.ssh/key1
HOME=longpath_to_config2
ssh -i ~/.ssh/key2
but getpwnam() defeats this by always accessing what's in the passwd file.
So .ssh/known_hosts is likewise read/written outside of $HOME/.ssh/ and the
config files too don't remain in local scope.
Sure, for 99% of users $HOME = pw->pw_dir, but there are a zillion programs that
honor $HOME, so why doesn't the SSH client? Is the concern that SSHD
obviously should get caught up honoring a problematic path when evaluating
Authorized_Keys? Well then have a flag that forces just the use of getpwnam()
for paths that are sensitive. Though frankly, I think this case can be narrowed
further to just when euid=0, and it should blithely use HOME when the daemon was
launched by a user on a high port (e.g. sshd -D -d).
Thoughts?
Hi,

On Thu, May 18, 2017 at 09:51:04PM +0000, matthew patton wrote:
> What is the use case?
>
> HOME=longpath_to_config1
> ssh -i ~/.ssh/key1
>
> HOME=longpath_to_config2
> ssh -i ~/.ssh/key2

If you run things like that, the "~" is not expanded by ssh but by your
shell. Try "echo ~/"...

Barking up the wrong tree...

gert
--
USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
pattonme at yahoo.com
2017-May-19 11:34 UTC
feature request: use HOME before getpwnam() in misc.c
I'm using bash. The shell does the correct thing. Sorry, didn't give the use
case clearly. I'm talking about the use of tilde inside client config. The
example was to illustrate desired behavior. Ssh itself does not eval tilde
with any consideration for environment. That is the problem.

Original Message
From: Gert Doering
Sent: Friday, May 19, 2017 02:19
To: matthew patton
Cc: openssh-unix-dev at mindrot.org
Subject: Re: feature request: use HOME before getpwnam() in misc.c

> Hi,
>
> On Thu, May 18, 2017 at 09:51:04PM +0000, matthew patton wrote:
> > What is the use case?
> >
> > HOME=longpath_to_config1
> > ssh -i ~/.ssh/key1
> >
> > HOME=longpath_to_config2
> > ssh -i ~/.ssh/key2
>
> If you run things like that, the "~" is not expanded by ssh but by your
> shell. Try "echo ~/"...
>
> Barking up the wrong tree...
>
> gert