Re: PAM session setup and environment variables

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



> If we're aiming for flexibility without sacrificing security, then a new
> sshd_config keyword (e.g. PAMSessionAcceptEnv) could be added to specify
> what is allowed to be forwarded to the PAM session modules.

Thanks for chiming in. How about we accept variables from a narrow allow-
list (XDG_SESSION_CLASS/TYPE, LC_*) for now and see how it goes?

Sounds good. Since nobody asked to forward LC_* and LANG variables to the
PAM session modules yet, we could start with just XDG_SESSION_CLASS and
XDG_SESSION_TYPE variables.

Wouldn't it be better (as in, more secure) to define
the session type and/or class on the server side
in the authorized_keys line?

That would provide the "if our monitoring system comes asking" differentiation
without allowing any new untrusted client-side data.

Or is that too late already?


Thinking more about this, a Match in sshd_config might also be helpful --
though that can't (as of yet) use the incoming pubkey.
But at least the logical incoming user can be matched up,
even if that one then translates to "just" another UID 0 or whatever.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux