Bug 1660166
Summary: | RHEL 8 should stop adding AccetEnv to /etc/ssh/sshd_config | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Troels Arvin <troels> |
Component: | openssh | Assignee: | Jakub Jelen <jjelen> |
Status: | CLOSED WONTFIX | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 8.0 | CC: | tmraz |
Target Milestone: | rc | ||
Target Release: | 8.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-12-19 10:58:30 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Troels Arvin
2018-12-17 16:45:48 UTC
AcceptEnv also means that on a given server, two users may use the exact same script manipulating the exact same data, but still get different results. And the differences may be easily overlooked, because it may only affect a small subset of the data being handled. Of course, that may also happen for other reasons, but I believe that it's important to minimized the risk of it happening. Specifically, I'm suggesting that the following section from openssh-7.7p1-redhat.patch in the source RPM file be removed (it's the last part of the patch file): ===================================================== @@ -106,6 +126,12 @@ AuthorizedKeysFile .ssh/authorized_keys # no default banner path #Banner none +# Accept locale-related environment variables +AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES +AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT +AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE +AcceptEnv XMODIFIERS + # override default of no subsystems Subsystem sftp /usr/libexec/sftp-server ===================================================== This is in RHEL since 2006 (bug #179851) and from what I understood this was actually trying to resolve these issues in RHEL 5. Maybe Tomas can comment on this: * Mon Feb 6 2006 Tomas Mraz <tmraz> - 4.3p1-2 [...] - pass locale environment variables to server, accept them there (#179851) I already saw this causing some issues (especially if the client sends language or encoding that is not supported by the server at all). If we are supposed to remove it, it is probably last chance around this time. Thanks to Jakub for tracing the origins for this. The old bug #179851 has a fundamental problem. It states: Ssh doesn't pass "local" locale-related envvars to remote host, as it should. The "as is should" part is simply plain wrong, given that upstream OpenSSH behaviour is to prevent environment passing by default (except for the TERM variable). This is just an opinion. Both passing and not passing the locale environment variables have its pros and cons. Tomas: If in doubt, stick to what the upstream software does. Do you agree with that? Not necessarily. It is too late for changing this in RHEL8 after Beta. Passing and accepting environment variables related to locale and language are usually good user experience and avoids similar kind of issues as described in the referenced bug. The UTF8 encoding is quite standard these days so in case you need to run a server with different encoding (for whatever reason), the openssh has a configuration file, where you can adjust it. We are not convinced that changing this would solve more issues than it would cause. If it is important for your business case, please contact your Red Hat support. |