Re: [Doc] Extension of Included configuration files

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Mon, Mar 20, 2017 at 9:39 AM, Alexis Horgix Chotard
<alexis.horgix.chotard@xxxxxxxxx> wrote:
> Hello,
>
> 2017-03-20 14:26 GMT+01:00 Nico Kadel-Garcia <nkadel@xxxxxxxxx>:
>> I'm against it being on by default. Not because "include" files are
>> not an interesting idea, but because it could be prone to incompatible
>> abuse by other add-on packages after OpenSSH is installed, and because
>> the sequential activation of included files can lead to erratic
>> behavior when an individual file is added alphabetically ahead of
>> another included file which is no longer being successfully parsed due
>> to the first file. (Been there, done that with /etc/sudoers.d and
>> /etc/profile.d.)
>
> That's for this reason that my original proposal was only to include a
> SHOULD mention to the manpage, like "Included files should go to a
> ssh_config.d directory in order to be detected as such by external
> tools".

"Should" is better. "Should" protected from casual user replacement,
is even better, but that can be a religious issue.

> Would that make more sense to you ? If not, do you have any suggestion
> regarding the original problem of detecting ssh configuration files
> now that any file can be included ?

Not really. Pre-vetting them for parseability will slow down SSH
connections, perhaps not by much, but potentially significantly for a
system where disk access is having some difficulty.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux