openssh bugs - May 2004 - [Bug 868] /etc/issue.net special characters should be supported

http://bugzilla.mindrot.org/show_bug.cgi?id=868

           Summary: /etc/issue.net special characters should be supported
           Product: Portable OpenSSH
           Version: 3.8p1
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: sshd
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: floeff at arcor.de


The /etc/issue.net special characters should be supported, e.g. "Kernel \r
on an
\m" should print the correct values for a SSH banner.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=868

djm at mindrot.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX



------- Additional Comments From djm at mindrot.org  2004-05-17 23:35 -------
I don't think so - these are a Linuxism with would require addition of a bit
of
complexity. Besides, I don't think it is a good idea to advertise one's
kernel
version and machine architecture to a potential attacker.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=868





------- Additional Comments From floeff at arcor.de  2004-05-17 23:45 -------
It would be very practical to show some important information to SSH users.
/etc/issue.net can contain some other stuff than kernel information as well :)

At least please provide an OpenSSH-unique format for displaying this
information, e.g. with $kernelver, $architecture, etc. in the OpenSSH banner
file.

Regarding the disclosure of information to remote users: Please also have a look
at bug 764



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=868





------- Additional Comments From djm at mindrot.org  2004-05-18 00:14 -------
If you read bug #764, you will see that it is information disclosure that is
required for compatibility. We would probably like to get rid of it one day, but
not until the protocol is published as an RFC and not before we are willing to
give up compatibility with pre-RFC versions.

Back to this bug: I don't see any benefit in adding complexity to sshd to
allow
users to disclose more information. If you really want to make this information
public, why not autogenerate issue.net at boot time? (OpenBSD does just this
with /etc/motd)



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=868





------- Additional Comments From jason at devrandom.org  2004-05-18 02:44
-------
  Also, keep in mind that Linux itself has three different "standard"
getty
applications - mingetty, mgetty and agetty.  All three take different escape
sequences for /etc/issue*.  And all of the escape sequences contain info
that's
pretty easily gleaned from perl or another scripting language of choice to
generate at boot or at intervals.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=868





------- Additional Comments From floeff at arcor.de  2004-05-18 02:54 -------
Ok, acknowledged ;)



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.