This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: sshd default user PATH


On Aug 14 13:20, Corinna Vinschen wrote:
> On Aug 14 09:56, Achim Gratz wrote:
> > I'm trying to figure out how sshd comes up with the PATH for the initial
> > environment.  Currently I get the Windows sytem PATH (converted to POSIX)
> > and then /bin appended.  This is no good, at least /bin should be at the
> > beginning of that PATH.
> 
> On other systems sshd sets $PATH to "/usr/bin:/bin:/usr/sbin:/sbin", but
> on Cygwin it doesn't change $PATH and just takes what it got from
> cygrunsrv so as not to break the search path for DLLs not in the system
> directories.
> 
> So this is kind of a cygrunsrv problem.  It simply appends /bin to
> $PATH, rather than prepending it.
> 
> > I've not been able to change this system-wide so far.  Apparently sshd has
> > been built on a machine where /etc/default/login wasn't present, at least it
> > doesn't appear to try to read that file (or any other system file) for
> > setting up the initial environment.
> 
> Right, /etc/default/login and, fwiw, any method to change $PATH from the
> default path is disabled on Cygwin deliberately for the reason outlined
> above.
> 
> > The /etc/sshrc is run if I create it,
> > but you can't set any environment variables from within it.  I don't want to
> > enable user environments.
> > 
> > I think it would be nice if there was a system file that could set the
> > initial environment for sshd, maybe setting external_path_file to
> > /etc/ssh_environment fits in better with the default Cygwin /etc layout, though.
> 
> It's not that simple.  It requires a code change in sshd.  However,
> maybe the rigorous handling is not required anymore these days.
> 
> Anyway, even if I re-enable /etc/default/login and the standard PATH
> handling in sshd, there's no way to set an arbitrary environment.  For
> security reasons, sshd is very selective in the environment variables it
> sets up.  From /etc/default/login, it takes *only* PATH and UMASK,
> for instance.  Everything else should be set in the shell profiles.
> 
> So, here's what I'll do:
> 
> - Change cygrunsrv to prepend /bin to $PATH rather then appending it.
> 
> - Drop the Cygwin specific ignorance of /etc/default/login from the
>   source code and build a new OpenSSH package.
> 
> Does that sound ok?

There's a problem.  On Cygwin it's not /etc/default, but /etc/defaults.
Note the trailing "s".

OpenSSH only provides support for /etc/default/login with no way to
influence the name or path.  This would require a patch to openssh just
for the sake of Cygwin.  I asked upstream, but I don't expect that this
will be changed any time soon.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

Attachment: pgpHS6E24akE5.pgp
Description: PGP signature


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]