oss-sec mailing list archives
Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling
From: Solar Designer <solar () openwall com>
Date: Fri, 11 Jul 2014 00:14:32 +0400
On Thu, Jul 10, 2014 at 09:50:02PM +0200, Florian Weimer wrote:
* Solar Designer:The default sshd_config found in openssh-6.6p1.tar.gz does not list AcceptEnv, so presumably by default OpenSSH portable does not accept any environment variables.I expected it to accept TERM,
Good point. Perhaps the documentation of AcceptEnv needs to be revised to mention this exception.
which is sort of unavoidable.
Actually, it is avoidable. Yes, there is: if (s->term) child_set_env(&env, &envsize, "TERM", s->term); but there's also: static int session_pty_req(Session *s) { [...] if (no_pty_flag || !options.permit_tty) { debug("Allocating a pty not permitted for this authentication."); return 0; } [...] s->term = packet_get_string(&len); So it looks like listing "no-pty" in authorized_keys prevents not only allocation of a pty, but also passing of TERM. And this makes sense. Alexander
Current thread:
- CVE-2014-0475: glibc directory traversal in LC_* locale handling Florian Weimer (Jul 10)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Rich Felker (Jul 10)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Florian Weimer (Jul 10)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Solar Designer (Jul 10)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Daniel Kahn Gillmor (Jul 10)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Florian Weimer (Jul 10)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Solar Designer (Jul 10)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Florian Weimer (Jul 10)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Rich Felker (Jul 10)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Tavis Ormandy (Jul 10)
- Re: Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Rich Felker (Jul 10)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Stephane Chazelas (Jul 21)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Stephane Chazelas (Jul 21)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Florian Weimer (Jul 14)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Rich Felker (Jul 14)