IETF-SSH archive


Re: Session channel extension to specify home directory?



Bill Sommerfeld wrote:
On Wed, 2005-02-16 at 16:42, Joseph Galbraith wrote:

We just had a user request us to start a shell session
for them in an arbitrary directory.

I was wondering what people would think of the following
extension (for the session channel only):

byte      SSH_MSG_CHANNEL_REQUEST
uint32    recipient channel
string    "home-directory"
boolean   want reply
string    path to use as home directory [UTF-8]


starting the session in an arbitrary directory does not to me imply
setting $HOME.

clearly: 1) reading authorization information (~/.ssh/authorized_keys or ~/.*hosts) from a client-specified directory is an incredibly bad idea.
I hope nobody's suggesting that but I run into bad ideas like this often
enough that I feel compelled to point it out...

Oh, definitely.  "home-directory" might have been the wrong
name... think "initial-working-directory" instead.

2) setting $HOME after authentication could be accomplished by the env request Niels mentioned.

Works under unix, but no place else.

3) setting the working directory to something other than $HOME could be accomplished in most shells by sending over a compound command. if the account's shell is not a normal shell, you can't do that -- but in that case the account may also be a captive environment, where setting either of the working directory or $HOME might violate the assumption of that captive environment.

This works in the unix world.

This could be made to work in the NT world for shell, but
perhaps not for exec.

And it doesn't work at all for VMS.

It is pretty easy to come up with a solution that will
work most places, or require user configuration to get right.

I was aiming for a solution that could just work regardless
of the system I was connecting to... but, given the reality
of restricted shells, I think the risk vs. value doesn't
make it worth while to push forward.

Thanks everyone for pointing out the holes in my
hare-brained scheme.

Joseph
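
An added example, not part of the original message or of any SSH implementation: a sketch of how a server could parse the proposed "home-directory" request and apply the two constraints raised in the thread (refuse it for captive accounts, and treat the path only as an initial working directory, never as the place to read authorization files). The function names, the `captive_account` flag and the returned strings are assumptions made for illustration; only the field layout comes from the message above.

```python
import struct

SSH_MSG_CHANNEL_REQUEST = 98  # message number from RFC 4254

def _string(data: bytes) -> bytes:
    # SSH "string": uint32 big-endian length, then the bytes
    return struct.pack(">I", len(data)) + data

def encode_request(channel: int, path: str, want_reply: bool = True) -> bytes:
    """Build the request using the field layout proposed in the thread."""
    return (bytes([SSH_MSG_CHANNEL_REQUEST]) + struct.pack(">I", channel)
            + _string(b"home-directory") + bytes([want_reply])
            + _string(path.encode("utf-8")))

def _take_string(buf: bytes, off: int):
    if off + 4 > len(buf):
        raise ValueError("truncated length")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("string overruns packet")
    return buf[off:off + n], off + n

def parse_request(buf: bytes):
    """Return (channel, want_reply, path); raise ValueError on malformed input."""
    if len(buf) < 5 or buf[0] != SSH_MSG_CHANNEL_REQUEST:
        raise ValueError("not a channel request")
    (channel,) = struct.unpack_from(">I", buf, 1)
    name, off = _take_string(buf, 5)
    if name != b"home-directory":
        raise ValueError("unexpected request type")
    if off >= len(buf):
        raise ValueError("missing want-reply")
    want_reply = buf[off] != 0
    raw, off = _take_string(buf, off + 1)
    if off != len(buf):
        raise ValueError("trailing bytes")
    path = raw.decode("utf-8")  # UnicodeDecodeError is a ValueError subclass
    if "\x00" in path:
        raise ValueError("NUL in path")
    return channel, want_reply, path

def decide(buf: bytes, captive_account: bool) -> str:
    """Hypothetical server policy: returns 'failure' or 'chdir:<path>'."""
    try:
        _, _, path = parse_request(buf)
    except ValueError:
        return "failure"
    if captive_account:  # restricted shell: the client must not relocate the session
        return "failure"
    return "chdir:" + path  # working directory only; auth files stay in the real home
```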


