
Bug#532754: sshd should not setup MAIL environment variable



Package: openssh-server
Version: 1:5.1p1-5
Severity: normal

Currently in session.c there is
 child_set_env(&env, &envsize, "MAIL", buf);

That is not good, I believe, because it sets MAIL to some hardcoded value (/var/mail/<username>).
Sure, you could override it with pam_mail or pam_env. But I spent 10 minutes finding out who sets this variable.
Maybe it would be better not to set it from session.c, but to remove "noenv" from the pam_mail line in /etc/pam.d/ssh,
because pam_mail can export this variable itself.

It would be much clearer if the administrator had to specify this variable in the PAM configs than to have
it hardcoded somewhere.

To provide compatibility with the old behavior, just remove "noenv" from the pam_mail line in pam.d/sshd and pam_mail will
set this variable to /var/mail/<username> itself.

-- System Information:
Debian Release: 5.0.1
  APT prefers proposed-updates
  APT policy: (670, 'proposed-updates'), (670, 'stable'), (620, 'testing-proposed-updates'), (620, 'testing'), (600, 'unstable'), (550, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-openvz-686 (SMP w/1 CPU core)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssh-server depends on:
ii  adduser         3.110                    add and remove users and groups
ii  debconf [debcon 1.5.24                   Debian configuration management sy
ii  dpkg            1.14.25                  Debian package management system
ii  libc6           2.7-18                   GNU C Library: Shared libraries
ii  libcomerr2      1.41.3-1                 common error description library
ii  libkrb53        1.6.dfsg.4~beta1-5lenny1 MIT Kerberos runtime libraries
ii  libpam-modules  1.0.1-5+lenny1           Pluggable Authentication Modules f
ii  libpam-runtime  1.0.1-5+lenny1           Runtime support for the PAM librar
ii  libpam0g        1.0.1-5+lenny1           Pluggable Authentication Modules l
ii  libselinux1     2.0.65-5                 SELinux shared libraries
ii  libssl0.9.8     0.9.8g-15+lenny1         SSL shared libraries
ii  libwrap0        7.6.q-16                 Wietse Venema's TCP wrappers libra
ii  lsb-base        3.2-20                   Linux Standard Base 3.2 init scrip
ii  openssh-blackli 0.4.1                    list of default blacklisted OpenSS
ii  openssh-client  1:5.1p1-5                secure shell client, an rlogin/rsh
ii  procps          1:3.2.7-11               /proc file system utilities
ii  zlib1g          1:1.2.3.3.dfsg-12        compression library - runtime

Versions of packages openssh-server recommends:
ii  openssh-blacklist-extra       0.4.1      list of non-default blacklisted Op
ii  xauth                         1:1.0.3-2  X authentication utility

Versions of packages openssh-server suggests:
pn  molly-guard                   <none>     (no description available)
pn  rssh                          <none>     (no description available)
pn  ssh-askpass                   <none>     (no description available)

-- debconf information:
  ssh/vulnerable_host_keys:
  ssh/new_config: true
* ssh/use_old_init_script: true
* ssh/disable_cr_auth: false
  ssh/encrypted_host_key_but_no_keygen:
