? diff Index: auth-options.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/auth-options.c,v retrieving revision 1.25 diff -u -r1.25 auth-options.c --- auth-options.c 21 Jul 2002 18:32:20 -0000 1.25 +++ auth-options.c 24 Jul 2002 17:03:38 -0000 @@ -133,7 +133,8 @@ goto next_option; } cp = "environment=\""; - if (strncasecmp(opts, cp, strlen(cp)) == 0) { + if (options.permit_user_env && + strncasecmp(opts, cp, strlen(cp)) == 0) { char *s; struct envstring *new_envstring; Index: servconf.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/servconf.c,v retrieving revision 1.112 diff -u -r1.112 servconf.c --- servconf.c 23 Jun 2002 09:46:51 -0000 1.112 +++ servconf.c 24 Jul 2002 17:03:38 -0000 @@ -87,6 +87,7 @@ options->kbd_interactive_authentication = -1; options->challenge_response_authentication = -1; options->permit_empty_passwd = -1; + options->permit_user_env = -1; options->use_login = -1; options->compression = -1; options->allow_tcp_forwarding = -1; @@ -204,6 +205,8 @@ options->challenge_response_authentication = 1; if (options->permit_empty_passwd == -1) options->permit_empty_passwd = 0; + if (options->permit_user_env == -1) + options->permit_user_env = 1; if (options->use_login == -1) options->use_login = 0; if (options->compression == -1) @@ -259,7 +262,7 @@ sPrintMotd, sPrintLastLog, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, sStrictModes, sEmptyPasswd, sKeepAlives, - sUseLogin, sAllowTcpForwarding, sCompression, + sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups, @@ -319,6 +322,7 @@ { "xauthlocation", sXAuthLocation }, { "strictmodes", sStrictModes }, { "permitemptypasswords", sEmptyPasswd }, + { "permituserenvironment", sPermitUserEnvironment }, { "uselogin", sUseLogin }, { "compression", sCompression }, { "keepalive", sKeepAlives }, @@ -670,6 +674,10 @@ case sEmptyPasswd: intptr = &options->permit_empty_passwd; + goto parse_flag; + + case sPermitUserEnvironment: + intptr = &options->permit_user_env; goto parse_flag; case sUseLogin: Index: servconf.h =================================================================== RCS file: /cvs/src/usr.bin/ssh/servconf.h,v retrieving revision 1.58 diff -u -r1.58 servconf.h --- servconf.h 20 Jun 2002 23:05:55 -0000 1.58 +++ servconf.h 24 Jul 2002 17:03:38 -0000 @@ -97,6 +97,7 @@ int challenge_response_authentication; int permit_empty_passwd; /* If false, do not permit empty * passwords. */ + int permit_user_env; /* If true, read ~/.ssh/environment */ int use_login; /* If true, login(1) is used */ int compression; /* If true, compression is allowed */ int allow_tcp_forwarding; Index: session.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/session.c,v retrieving revision 1.145 diff -u -r1.145 session.c --- session.c 22 Jul 2002 11:03:06 -0000 1.145 +++ session.c 24 Jul 2002 17:03:40 -0000 @@ -899,7 +899,7 @@ auth_sock_name); /* read $HOME/.ssh/environment. */ - if (!options.use_login) { + if (options.permit_user_env && !options.use_login) { snprintf(buf, sizeof buf, "%.200s/.ssh/environment", pw->pw_dir); read_environment_file(&env, &envsize, buf); Index: sshd_config =================================================================== RCS file: /cvs/src/usr.bin/ssh/sshd_config,v retrieving revision 1.56 diff -u -r1.56 sshd_config --- sshd_config 20 Jun 2002 23:37:12 -0000 1.56 +++ sshd_config 24 Jul 2002 17:03:40 -0000 @@ -75,6 +75,7 @@ #KeepAlive yes #UseLogin no #UsePrivilegeSeparation yes +#PermitUserEnvironment yes #Compression yes #MaxStartups 10 Index: sshd_config.5 =================================================================== RCS file: /cvs/src/usr.bin/ssh/sshd_config.5,v retrieving revision 1.5 diff -u -r1.5 sshd_config.5 --- sshd_config.5 9 Jul 2002 17:46:25 -0000 1.5 +++ sshd_config.5 24 Jul 2002 17:03:41 -0000 @@ -459,6 +459,21 @@ If this option is set to .Dq no root is not allowed to login. +.It Cm PermitUserEnvironment +Specifies whether +.Pa ~/.ssh/environment +is read by +.Nm sshd +and whether +.Cm environment= +options in +.Pa ~/.ssh/authorized_keys +files are permitted. +The default is +.Dq yes . +This option is useful for locked-down installations where +.Ev LD_PRELOAD +and suchlike can cause security problems. .It Cm PidFile Specifies the file that contains the process ID of the .Nm sshd