On Thu, 2015-03-19 at 23:58 +0100, Vincent Lefevre wrote: > But at least the user could use non-standard (thus unused by the > system) variables to pass information to the remote side (in my case, > I used LC_CHARMAP). After this change only the standard variables can > be passed, but one shouldn't use them to pass information other that > what these variables normally carry. Well but preventing this is the whole idea of AcceptEnv. If someone really needs it, it shouldn't be impossible to let the admin allow it (perhaps on a per-user basis), or to use a more appropriate way of passing information. > IMHO, this is silly. Passing information to the remote side is > useful, and completely safe as long as the environment variable > is not used by the system. Which you cannot really know whether there's anything which does. > > and both is done for good reasons (security). > I don't see how the change could improve security. Just because you don't know a program which uses LC_ALLOW_ARBITRARY_ACCESS to allow "breaking out" the program doesn't mean there is none. Striping "unsafe" / "unknown" env vars is common practise for many programs (e.g. sudo, suexec and things like that). Cheers, Chris.
Attachment:
smime.p7s
Description: S/MIME cryptographic signature