List:       openssh-unix-dev
Subject:    Re: patch to send incoming key to AuthorizedKeysCommand via stdin
From:       Daniel Kahn Gillmor <dkg () fifthhorseman ! net>
Date:       2014-03-22 21:22:44
Message-ID: 532DFF24.4000406 () fifthhorseman ! net


On 03/22/2014 02:25 PM, Scott Duckworth wrote:

> If compatibility with programs that expect exactly one command line
> parameter (the username) then it seems like the environment variable is the
> way to go.  But I'll leave that decision up to those more involved with the
> development of openssh.

After thinking about this a little more, i agree with you that the
environment variable is the way to go, but for another reason.

Many common operating systems expose each process' command line
arguments to other processes on the system, regardless of effective
userid, but they hide the environment from any other non-privileged users.

Using an environment variable would avoid leaking the proposed public
key to local users snooping around the process table.

Thanks for the thoughtful and thorough discussion on this!

	--dkg




_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
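
The exposure difference described in the message above, as an added example that is not part of the original thread or of OpenSSH: it starts one helper with a key in argv and one with the key in the environment, then compares what Linux publishes under /proc for each. It assumes a Linux /proc; the variable name DEMO_OFFERED_KEY and the sample key are constructed for the demonstration.

```python
import os
import stat
import subprocess
import sys

# Constructed sample value standing in for the offered public key.
SAMPLE_KEY = "ssh-ed25519 CONSTRUCTED-EXAMPLE-KEY-NOT-REAL demo"
ENV_NAME = "DEMO_OFFERED_KEY"  # hypothetical variable name, not an sshd option
# Stand-in for a key-lookup helper: it only sleeps so /proc can be inspected.
CHILD = [sys.executable, "-c", "import time; time.sleep(30)"]


def _proc_view(pid):
    """Return cmdline/environ contents and whether each file is world-readable."""
    view = {}
    for name in ("cmdline", "environ"):
        path = f"/proc/{pid}/{name}"
        mode = os.stat(path).st_mode
        with open(path, "rb") as fh:  # we own the child, so both reads succeed
            data = fh.read().replace(b"\0", b" ").decode(errors="replace")
        view[name] = data
        view[name + "_world_readable"] = bool(mode & stat.S_IROTH)
    return view


def compare_exposure():
    """Start one helper with the key in argv and one with it in the environment."""
    env = dict(os.environ, **{ENV_NAME: SAMPLE_KEY})
    via_argv = subprocess.Popen(CHILD + ["alice", SAMPLE_KEY])
    via_env = subprocess.Popen(CHILD + ["alice"], env=env)
    try:
        return {"argv": _proc_view(via_argv.pid), "env": _proc_view(via_env.pid)}
    finally:
        for child in (via_argv, via_env):
            child.kill()
            child.wait()


if __name__ == "__main__":
    for how, view in compare_exposure().items():
        print(f"key passed via {how}:")
        print("  in cmdline:", SAMPLE_KEY in view["cmdline"],
              "| cmdline world-readable:", view["cmdline_world_readable"])
        print("  in environ:", SAMPLE_KEY in view["environ"],
              "| environ world-readable:", view["environ_world_readable"])
```

On a stock Linux kernel /proc/<pid>/cmdline is mode 0444 and /proc/<pid>/environ is mode 0400, so only the argv variant places the key where other unprivileged local users can read it.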