Re: setting environment variables

To: SECSH Discussion List <ietf-ssh%netbsd.org@localhost>
Subject: Re: setting environment variables
From: sjl%ssh.com@localhost (Sami J. Lehtinen)
Date: 03 Sep 2001 04:20:51 +0300

slade%shore.net@localhost ("Richard E. Silverman") writes:

> Some questions regarding setting environment variables via SSH ("Connection"
> draft, section 4.4).
> 
> "Environment variables may be passed to the shell/command to be started
> later."
> 
> This mentions "shell" and "exec" channel requests, but not "subsystem."  Is
> this deliberate?  Do we want to prevent the client from setting environment
> variables for subsystem execution?  I'm not disagreeing, necessarily -- I can
> see an argument from the abstraction and security point of view, as well as
> the fact that a subsystem might be implemented as an internal process for
> which setting environment variables does not make sense.  However, if this is
> the intention, I think it should be made explicit.  (Of course, the SSH could
> be running on an OS which does not have anything like environment variables,
> so that it wouldn't make sense for program execution either...)

In at least our implementation you can set environment variables
during subsystem execution. I agree the wording should be implicit,
whatever we decide.

> Also, the use of the phrase "the shell/command to be started later" is
> misleading, as it implies that only one such will be started.  The connection
> protocol may start multiple remote shells and/or programs.  I assume then that
> the use of the "env" channel request builds up an environment-variable state
> on the server, which is used for every program execution?  If that's so, we
> need a way to unset environment variables as well.  It is not sufficient to
> just set an old variable to the null string, since there is a program-visible
> difference between a variable being unset, and being set to the zero-length
> string.

If you look at the spec, the environment variables are channel
specific. And you can only run one command/subsystem/shell per
channel. So I'd say we don't need an "unset" message, as typically you
can't unset environment variables of a running process outside of the
process.

Cheers,
-- 
[sjl%ssh.com@localhost          --  Sami J. Lehtinen  --           sjl%iki.fi@localhost]
[work:+358 20 5007425][gsm:+358 40 864 3001][http://www.iki.fi/~sjl]
[SSH Communications Security Corp               http://www.ssh.com/]

References:
- setting environment variables
  - From: Richard E. Silverman

Prev by Date: Re: cooked mode sessions
Next by Date: RE: cooked mode sessions
Previous by Thread: setting environment variables
Next by Thread: I-D ACTION:draft-ietf-secsh-dns-key-format-00.txt
Indexes:

Home | Main Index | Thread Index | Old Index