I've read quite a few posts regarding the use of PermitUserEnvironment and the file ~/.ssh/environment in order to pass env variables to an ssh shell. The official sshd docs and a few other resources allude to some security risks of doing this.
"Enabling environment processing may enable users to bypass access restrictions in some configurations using mechanisms such as LD_PRELOAD."
What are the likely security issues of activating PermitUserEnvironment? I was looking to hold DB connection details in these environment variables, is this advisable?
Thanks
It's for cases where you restrict the user in some way by using a custom shell - if the user is able to set LD_PRELOAD then they could execute code as their user on the remote machine by intercepting a standard library call.
A simple example of this might be if you disable login for an SFTP-only user by setting their shell to a dynamically linked /bin/false - if they're able to modify ~/.ssh/environment or ~/.ssh/authorized_keys then they could add LD_PRELOAD=nefarious.so
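Added example, not part of the original question or answer: a small audit that reads an sshd_config, a user's ~/.ssh/environment and their authorized_keys, and reports dynamic-linker variables (LD_*) that sshd would actually accept. It relies on the documented PermitUserEnvironment values (yes, no, or a pattern-list of accepted names); the function names, the sample file contents and the DB_* variable names are constructed for illustration, and pattern matching is approximated with fnmatch.

```python
import fnmatch
import re

def permit_user_environment(sshd_config_text):
    """Global PermitUserEnvironment value; sshd's default is 'no'."""
    for line in sshd_config_text.splitlines():
        m = re.match(r"\s*(\w+)[\s=]+(\S+)", line.split("#", 1)[0])
        if not m:
            continue
        key = m.group(1).lower()          # keywords are case-insensitive
        if key == "match":
            break                         # only the global section is audited here
        if key == "permituserenvironment":
            return m.group(2)             # first value found is the one used
    return "no"

def accepts(setting, name):
    """Would sshd accept variable `name` under this setting?"""
    if setting.lower() in ("yes", "no"):
        return setting.lower() == "yes"
    patterns = [p.strip() for p in setting.split(",")]
    if any(p.startswith("!") and fnmatch.fnmatchcase(name, p[1:]) for p in patterns):
        return False                      # a negated match always wins
    return any(not p.startswith("!") and fnmatch.fnmatchcase(name, p) for p in patterns)

def user_set_variables(environment_text, authorized_keys_text):
    """Names set via ~/.ssh/environment lines or environment="..." key options."""
    names = []
    for line in environment_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            names.append(line.split("=", 1)[0])
    names += re.findall(r'environment="([^"=]+)=', authorized_keys_text, re.I)
    return names

def risky_accepted(sshd_config_text, environment_text, authorized_keys_text=""):
    """LD_* variables the user has set that sshd would pass to the session."""
    setting = permit_user_environment(sshd_config_text)
    return [n for n in user_set_variables(environment_text, authorized_keys_text)
            if n.startswith("LD_") and accepts(setting, n)]

# Constructed sample inputs (not taken from any real host).
SAMPLE_ENVIRONMENT = "# app settings\nDB_HOST=db.example.internal\nLD_PRELOAD=nefarious.so\n"
WEAK_CONFIG = "Subsystem sftp internal-sftp\nPermitUserEnvironment yes\n"
SCOPED_CONFIG = "PermitUserEnvironment DB_*\n"   # pattern-list: only DB_* names accepted

if __name__ == "__main__":
    print("yes  ->", risky_accepted(WEAK_CONFIG, SAMPLE_ENVIRONMENT))
    print("DB_* ->", risky_accepted(SCOPED_CONFIG, SAMPLE_ENVIRONMENT))
```

With a pattern-list such as DB_*, the DB_HOST entry is still accepted while the LD_PRELOAD line is ignored by sshd, which is the narrower setting to audit for when the only goal is passing application variables.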