| Summary: | Authorized keys environment parsing error | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | coladict | ||||||
| Component: | sshd | Assignee: | Damien Miller <djm> | ||||||
| Status: | CLOSED FIXED | ||||||||
| Severity: | normal | CC: | calestyo, djm, dtucker | ||||||
| Priority: | P5 | ||||||||
| Version: | -current | ||||||||
| Hardware: | All | ||||||||
| OS: | All | ||||||||
| Bug Depends on: | |||||||||
| Bug Blocks: | 2360 | ||||||||
| Attachments: |
|
||||||||
Created attachment 2592 [details]
revised diff
IMO it's better to delay the test of permit_env until after the environment variable is fully parsed. This will prevent it from getting desynchronised and better alert on errors.
patch applied. This will be in openssh-6.9 Set all RESOLVED bugs to CLOSED with release of OpenSSH 7.1 The changelog entry for this reads:
>sshd(8): make parsing of authorized_keys "environment=" options
>independent of PermitUserEnv being enabled;
which kinda sounds as if "environment=" would be applied even if PermitUserEnvironment=no... but this isn't the case here, is it?
|
Created attachment 2520 [details] Untested patch, but should work When there is an environment setting in the authorized keys file and setting them is disabled it results in a parsing error, rather than simply ignoring the option. I tried writing a workaround, but I won't have a second computer to properly test it any time soon, so I didn't even try to compile it. Also I would be doing it that on the Ubuntu sources, which have different line numbers, but the code in that area is the same, unchanged between the platforms. If it doesn't work, at the very least it shows where the problem is.