In /etc/ssh/sshd_config, there is an option called AcceptEnv that allows the ssh client to send environment variables. I need to be able to send a large number of environment variables. These change on every connection from the client, so putting them in a login script on the server would be more difficult.
I've read that "AcceptEnv *" is insecure. I'd like to understand why before I try to get a list of all of the environment variables that are attempted to be set to put there.
Why is it considered insecure? Can I get an example?
Best Answer
Not all versions of the man pages for sshd_config mention this. If your environment variables are changed beforehand and certain privileged processes are executed with new libraries specified by this, issues can result.
Take a look at http://www.dankalia.com/tutor/01005/0100501004.htm and search for "LD_PRELOAD Exploit". Sorry, the page has no anchor links.
See also StackOverflow question: What is the LD_PRELOAD trick?
Setting environment variables after connection is fine, but when those variables are interpreted by the ssh daemon as set by AcceptEnv, Bad Things may occur.
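
A defensive check for the setting discussed above, as an added example that is not part of the original question or answer: it parses sshd_config text and reports which AcceptEnv patterns would admit variables that influence what code a program loads, such as LD_PRELOAD. The SENSITIVE list (illustrative, not exhaustive), the function names and the sample configuration are assumptions of this example.

```python
import re

# Illustrative, non-exhaustive list (an assumption of this example): variables
# that change which code a dynamically linked program or interpreter loads.
SENSITIVE = ["LD_PRELOAD", "LD_LIBRARY_PATH", "LD_AUDIT", "PATH",
             "BASH_ENV", "ENV", "IFS", "PYTHONPATH", "PERL5LIB"]

# Keyword is case-insensitive; arguments follow whitespace or a single '='.
DIRECTIVE = re.compile(r"acceptenv(?:\s*=\s*|\s+)(.+)", re.IGNORECASE)


def pattern_to_regex(pattern):
    """Translate an AcceptEnv pattern ('*' and '?' wildcards only) to a regex."""
    parts = [".*" if c == "*" else "." if c == "?" else re.escape(c)
             for c in pattern]
    return re.compile("".join(parts) + r"\Z")


def accept_env_patterns(config_text):
    """Yield (line_number, pattern) for every AcceptEnv argument."""
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        m = DIRECTIVE.match(line)
        if m:
            for pattern in m.group(1).replace('"', "").split():
                yield lineno, pattern


def audit(config_text, sensitive=SENSITIVE):
    """Return [(line_number, pattern, [sensitive names the pattern admits])]."""
    findings = []
    for lineno, pattern in accept_env_patterns(config_text):
        rx = pattern_to_regex(pattern)
        hits = [name for name in sensitive if rx.match(name)]
        if hits:
            findings.append((lineno, pattern, hits))
    return findings


# Constructed sample configuration, not taken from a real host.
SAMPLE = """\
# locale only: names are listed explicitly
AcceptEnv LANG LC_*
AcceptEnv *            # wildcard admits every name the client sends
Match User deploy
    AcceptEnv "APP_*" LD_*
"""

if __name__ == "__main__":
    for lineno, pattern, hits in audit(SAMPLE):
        print(f"line {lineno}: AcceptEnv {pattern} admits {', '.join(hits)}")
```

An empty result means every accepted name is outside the list, which is what an explicit allowlist with an application-specific prefix should produce.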