Hi OpenSSH folks-- this is more of a configuration question than a development question, i think, but: Are there any caveats worth being aware of about including the TZ variable in AcceptEnv for sshd_config by default? I don't see any particular risk, but if there are gotchas people know about, i'd be happy to be made aware of them. Regards, --dkg -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 1010 bytes Desc: OpenPGP digital signature URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20140610/ef879f83/attachment.bin>
On Tue, 10 Jun 2014, Daniel Kahn Gillmor wrote:> Hi OpenSSH folks-- > > this is more of a configuration question than a development question, i > think, but: > > Are there any caveats worth being aware of about including the TZ > variable in AcceptEnv for sshd_config by default? > > I don't see any particular risk, but if there are gotchas people know > about, i'd be happy to be made aware of them.some libc accept full paths to TZ files, so if you have any sort of restricted environment then you'd be trusting the TZ parser there.
Possibly Parallel Threads
- Provide AcceptEnv variables to a Linux PAM module?
- [Bug 1545] ssh-keygen -R removes all comments from known_hosts file
- request: add IP address to a log message to allow blocking
- [Bug 1506] New: rationalize agent behavior on smartcard removal/reattachment
- [Bug 1777] New: KnownHostsCommand