Bug#481647: sshd: does not execute .profile when command is specified

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#481647: sshd: does not execute .profile when command is specified
From: Graham Cobb <g+debian@cobb.uk.net>
Date: Sat, 17 May 2008 17:52:53 +0100
Message-id: <[🔎] 20080517165253.32196.16710.reportbug@carrera.home.cobb.me.uk>
Reply-to: Graham Cobb <g+debian@cobb.uk.net>, 481647@bugs.debian.org

Package: openssh-server
Version: 1:4.7p1-8
Severity: normal

I recently upgraded my lenny system with the latest openssh-server and all my
remote invocation scripts broke!

It seems that sshd no longer sources the user's .profile before executing a
command.  This means that, for example, there is now a difference between:

ssh somewhere
# command

and

ssh somewhere command

I do not believe that this can be related to the PermitUserEnvironment change as
 that change happened some time ago and the man page for sshd_config does not 
mention that this has any effect on .profile.  Also, .bashrc is still sourced
so there is no possible security benefit to the change.

If this change is, for some reason, deliberate, it should be described in a 
NEWS item as it breaks scripts for invoking commands on remote systems using 
ssh.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (900, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.24-1-686 (SMP w/1 CPU core)
Locale: LANG=en_IE@euro, LC_CTYPE=en_IE@euro (charmap=ISO-8859-15) (ignored: LC_ALL set to en_IE@euro)
Shell: /bin/sh linked to /bin/bash

Versions of packages openssh-server depends on:
ii  adduser               3.107              add and remove users and groups
ii  debconf [debconf-2.0] 1.5.21             Debian configuration management sy
ii  dpkg                  1.14.18            package maintenance system for Deb
ii  libc6                 2.7-10             GNU C Library: Shared libraries
ii  libcomerr2            1.40.8-2           common error description library
ii  libkrb53              1.6.dfsg.3~beta1-4 MIT Kerberos runtime libraries
ii  libpam-modules        0.99.7.1-6         Pluggable Authentication Modules f
ii  libpam-runtime        0.99.7.1-6         Runtime support for the PAM librar
ii  libpam0g              0.99.7.1-6         Pluggable Authentication Modules l
ii  libselinux1           2.0.59-1           SELinux shared libraries
ii  libssl0.9.8           0.9.8g-10          SSL shared libraries
ii  libwrap0              7.6.q-15           Wietse Venema's TCP wrappers libra
ii  lsb-base              3.2-11             Linux Standard Base 3.2 init scrip
ii  openssh-client        1:4.7p1-8          secure shell client, an rlogin/rsh
ii  zlib1g                1:1.2.3.3.dfsg-12  compression library - runtime

Versions of packages openssh-server recommends:
ii  xauth                         1:1.0.3-1  X authentication utility

-- debconf information:
  ssh/insecure_rshd:
  ssh/insecure_telnetd:
  ssh/new_config: true
* ssh/use_old_init_script: true
  ssh/disable_cr_auth: false
  ssh/encrypted_host_key_but_no_keygen:

Reply to:

Follow-Ups:
- Bug#481647: sshd: does not execute .profile when command is specified
  - From: Florian Weimer <fw@deneb.enyo.de>
- Bug#481647: marked as done (sshd: does not execute .profile when command is specified)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#481446: closed by Colin Watson <cjwatson@debian.org> (Re: Bug#481446: openssh-server: openssh does not start complaining about comprimised keys with new generated keys)
Next by Date: lsh-server
Previous by thread: Bug#481446: closed by Colin Watson <cjwatson@debian.org> (Re: Bug#481446: openssh-server: openssh does not start complaining about comprimised keys with new generated keys)
Next by thread: Bug#481647: sshd: does not execute .profile when command is specified
Index(es):
- Date
- Thread