it's really^3 annoying that no matter the value of $HOME, that tilde_expand_filename() only looks at getpwnam() and friends instead of at least trying getenv("HOME").
What is the use case?
HOME=longpath_to_config1
ssh -i ~/.ssh/key1
HOME=longpath_to_config2
ssh -i ~/.ssh/key2
but getpwnam() defeats this by always accessing what's in the passwd file. So .ssh/known_hosts is likewise read/written outside of $HOME/.ssh/ and the config files too don't remain in local scope.
Sure 99% of users $HOME = pw->pw_dir, but there are a zillion programs that honor $HOME, so why doesn't the SSH client? Is the concern that SSHD obviously should get caught up honoring a problematic path when evaluating Authorized_Keys? Well then have a flag that forces just the use of getpwnam() for paths that are sensitive. Though frankly, I think this case can be narrowed further to just when euid=0 and should blithely use HOME when the daemon was launched by a user on a high port (eg. sshd -D -d).
Thoughts?
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
