Bug#780797: openssh-server: modifies the user configuration

To: Christoph Anton Mitterer <calestyo@scientia.net>, 780797@bugs.debian.org
Subject: Bug#780797: openssh-server: modifies the user configuration
From: Vincent Lefevre <vincent@vinc17.net>
Date: Thu, 19 Mar 2015 23:58:32 +0100
Message-id: <[🔎] 20150319225832.GD5205@xvii.vinc17.org>
Reply-to: Vincent Lefevre <vincent@vinc17.net>, 780797@bugs.debian.org
In-reply-to: <[🔎] 1426805040.32511.1.camel@scientia.net>
References: <[🔎] 20150319160544.GA32247@xvii.vinc17.org> <[🔎] 20150319163122.GD3020@riva.ucam.org> <[🔎] 1426789118.4729.3.camel@scientia.net> <[🔎] 20150319190214.GG3020@riva.ucam.org> <[🔎] 20150319223709.GC5205@xvii.vinc17.org> <[🔎] 1426805040.32511.1.camel@scientia.net>

On 2015-03-19 23:44:00 +0100, Christoph Anton Mitterer wrote:
> On Thu, 2015-03-19 at 23:37 +0100, Vincent Lefevre wrote: 
> > BTW, it's also annoying that the user can no longer pass env variables
> > (e.g. the charset) to the remote side for machines where the admin
> > just uses Debian's default.
> But that was the case before either, at least except those matching LANG
> or LC_*

But at least the user could use non-standard (thus unused by the
system) variables to pass information to the remote side (in my case,
I used LC_CHARMAP). After this change only the standard variables can
be passed, but one shouldn't use them to pass information other that
what these variables normally carry.

> ... upstream allows per default even less (nothing)

IMHO, this is silly. Passing information to the remote side is
useful, and completely safe as long as the environment variable
is not used by the system.

> and both is done for good reasons (security).

I don't see how the change could improve security.

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Reply to:

Follow-Ups:
- Bug#780797: openssh-server: modifies the user configuration
  - From: Christoph Anton Mitterer <calestyo@scientia.net>

References:
- Bug#780797: openssh-server: modifies the user configuration
  - From: Vincent Lefevre <vincent@vinc17.net>
- Bug#780797: openssh-server: modifies the user configuration
  - From: Colin Watson <cjwatson@debian.org>
- Bug#780797: openssh-server: modifies the user configuration
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Bug#780797: openssh-server: modifies the user configuration
  - From: Colin Watson <cjwatson@debian.org>
- Bug#780797: openssh-server: modifies the user configuration
  - From: Vincent Lefevre <vincent@vinc17.net>
- Bug#780797: openssh-server: modifies the user configuration
  - From: Christoph Anton Mitterer <calestyo@scientia.net>

Prev by Date: Bug#780797: openssh-server: modifies the user configuration
Next by Date: Bug#780797: openssh-server: modifies the user configuration
Previous by thread: Bug#780797: openssh-server: modifies the user configuration
Next by thread: Bug#780797: openssh-server: modifies the user configuration
Index(es):
- Date
- Thread