Re: sshd UseLogin option
From: Bjoern Fischer (bfischer@Techfak.Uni-Bielefeld.DE)
Date: 03/14/02
- Next message: \: "Re: AES"
- Previous message: jack xiao: "AES"
- Maybe in reply to: Dag-Erling Smorgrav: "sshd UseLogin option"
- Next in thread: Crist J. Clark: "Re: sshd UseLogin option"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Bjoern Fischer <bfischer@Techfak.Uni-Bielefeld.DE> Date: Thu, 14 Mar 2002 06:10:25 +0100 To: Jason Stone <jason-fbsd-security@shalott.net>
>> And additionally to that, why is the environment variable MAIL hardcoded
>> to /var/mail/${logname} (or _PATH_MAILDIR/${logname}) in session.c
>> although setusercontext() is used? Crap!
>
>the CheckMail option in sshd is deprecated (I think that it actually
>generates an error in 3.1, the current version) and should not be used
>anymore.
It's not just for the CheckMail option, but the MAIL variable ends up
in the users environment for the session. Normally the admin would have
configured an appropriate environment via login.conf, so no dealing
with shell specific files or, even worse, no telling the user what
variable he has to set. And if a user doesn't start a normal shell
session, but directly fires up his (X11 based) MUA with that wrong
MAIL var.
-Björn
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Next message: \: "Re: AES"
- Previous message: jack xiao: "AES"
- Maybe in reply to: Dag-Erling Smorgrav: "sshd UseLogin option"
- Next in thread: Crist J. Clark: "Re: sshd UseLogin option"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
