IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

setting environment variables



Some questions regarding setting environment variables via SSH ("Connection"
draft, section 4.4).

"Environment variables may be passed to the shell/command to be started
later."

This mentions "shell" and "exec" channel requests, but not "subsystem."  Is
this deliberate?  Do we want to prevent the client from setting environment
variables for subsystem execution?  I'm not disagreeing, necessarily -- I can
see an argument from the abstraction and security point of view, as well as
the fact that a subsystem might be implemented as an internal process for
which setting environment variables does not make sense.  However, if this is
the intention, I think it should be made explicit.  (Of course, the SSH could
be running on an OS which does not have anything like environment variables,
so that it wouldn't make sense for program execution either...)

Also, the use of the phrase "the shell/command to be started later" is
misleading, as it implies that only one such will be started.  The connection
protocol may start multiple remote shells and/or programs.  I assume then that
the use of the "env" channel request builds up an environment-variable state
on the server, which is used for every program execution?  If that's so, we
need a way to unset environment variables as well.  It is not sufficient to
just set an old variable to the null string, since there is a program-visible
difference between a variable being unset, and being set to the zero-length
string.

- Richard



Home | Main Index | Thread Index | Old Index