Re: Phasing out forwarding of locale settings

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 09.09.21 17:51, Alexander E. Patrakov wrote:
> 03.09.2021 20:02, Jochen.Bern at binect.de (Jochen Bern) пишет:
>> On 03.09.21 11:55, Florian Weimer wrote:
>>> Now that servers often use minimal installations which only support a
>>> small set of locales (C, C.UTF-8), would it make sense to discontinue
>>> this practice?
>>
>> In order to achieve what exactly?
> 
> I would rather not forward the locale settings, and especially not
> accept them on the server side, and here is why.
> 
> More and more newbie Linux/cloud sysadmins use MacOS, not Linux, as
> their main system, and we have to deal with it. [...] Here is the
> default environment on a Mac running Big Sur:
> 
[...]> TERM_PROGRAM=Apple_Terminal
> LC_CTYPE=UTF-8
[...]
> 
> On Debian, the server-side configuration (minus comments) is as follows:
> 
[...]
> AcceptEnv LANG LC_*
[...]
> 
> So it accepts locale-related variables. Including this one:
> 
> LC_CTYPE=UTF-8
> 
> But, this is valid on MacOS only. It is not a valid locale on Linux, and
> will never be.

Most importantly (IMHO), that setting for a *language* env var fails to
indicate *a language* (or anything else that qualifies as localization).
Is there any locales support in MacOS, GUI excluded, in the first place?

> So, MacOS users that try to ssh to Debian systems will
> see locale errors (e.g. from Perl programs), and they often don't know
> why these errors appear and how to fix them.

My guess would be that we'll see Linux distribs do the equivalent of "ln
-s /usr/lib/locale/C.utf8 /usr/lib/locale/UTF-8" Any Day Now™ if MacOS
continues to throw that value around ...

One important point is that OpenSSH, as a trans-distrib upstream,
apparently *already does what you're asking*; the sshd_config manpage
says that "The default is not to accept any environment variables", even
on my CentOS systems, which come with

> # Accept locale-related environment variables
> AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
> AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
> AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
> AcceptEnv XMODIFIERS

as *the distrib's* default config file content, and there is *no*
AcceptEnv to be seen in

https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config?rev=1.104&content-type=text/x-cvsweb-markup

, not even commented out.

So, the ones you actually have to convince are the maintainers of
various distribs' OpenSSH packages. Who *might* have more interest in
that TheirOwnDistrib-to-TheirOwnDistrib logins work as usual,
*including* carrying the localizations along that work fine *there* ...

What you could ask for *here* is that OpenSSH stops supporting SendEnv /
AcceptEnv altogether - but I have a hunch that you'll need a much more
convincing case to get *that* thermonuclear solution.

Regards,
-- 
Jochen Bern
Systemingenieur

Binect GmbH

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux