author Kevin Steves <stevesk@cvs.openbsd.org> 2002-08-12 17:30:36 +0000
committer Kevin Steves <stevesk@cvs.openbsd.org> 2002-08-12 17:30:36 +0000
commit 0b3b8915329baf8fd5e3b94458395176c8e11e7f
tree a593be8c543111604462d78e043507ce5c8effcb /usr.bin
parent a75210033c0bbbcb37c382ddac12cb42b3a7d02f
more PermitUserEnvironment; ok markus@
Diffstat (limited to 'usr.bin')
-rw-r--r-- usr.bin/ssh/ssh.1 6
-rw-r--r-- usr.bin/ssh/sshd.8 14
-rw-r--r-- usr.bin/ssh/sshd_config.5 15
3 files changed, 21 insertions, 14 deletions
diff --git a/usr.bin/ssh/ssh.1 b/usr.bin/ssh/ssh.1
index 00ebdd4dd6d..403c6ad650c 100644
--- a/usr.bin/ssh/ssh.1
+++ b/usr.bin/ssh/ssh.1
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.161 2002/08/02 16:00:07 marc Exp $
+.\" $OpenBSD: ssh.1,v 1.162 2002/08/12 17:30:35 stevesk Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
@@ -744,9 +744,9 @@ and adds lines of the format
.Dq VARNAME=value
to the environment if the file exists and if users are allowed to
change their environment.
-See
+See the
.Cm PermitUserEnvironment
-in
+option in
.Xr sshd_config 5 .
.Sh FILES
.Bl -tag -width Ds
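Review bot: the ssh.1 paragraph still says only "if users are allowed to change their environment" and never states that this is off by default, while the sshd.8 hunks in this same commit add "Environment processing is disabled by default". Consider adding the same statement here, since a user whose environment file is silently ignored is likely to read ssh(1) first. The reworded "See the PermitUserEnvironment option in sshd_config 5" reference itself reads fine.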
diff --git a/usr.bin/ssh/sshd.8 b/usr.bin/ssh/sshd.8
index a098b43ca9d..769c7422417 100644
--- a/usr.bin/ssh/sshd.8
+++ b/usr.bin/ssh/sshd.8
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.187 2002/08/02 16:00:07 marc Exp $
+.\" $OpenBSD: sshd.8,v 1.188 2002/08/12 17:30:35 stevesk Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
@@ -351,9 +351,9 @@ Sets up basic environment.
Reads
.Pa $HOME/.ssh/environment
if it exists and users are allowed to change their environment.
-See
+See the
.Cm PermitUserEnvironment
-in
+option in
.Xr sshd_config 5 .
.It
Changes to user's home directory.
@@ -462,6 +462,10 @@ logging in using this key.
Environment variables set this way
override other default environment values.
Multiple options of this type are permitted.
+Environment processing is disabled by default and is
+controlled via the
+.Cm PermitUserEnvironment
+option.
This option is automatically disabled if
.Cm UseLogin
is enabled.
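Review bot: the inserted sentence ends with "PermitUserEnvironment option." and is followed directly by the existing "This option is automatically disabled if UseLogin is enabled.", so "This option" now reads as referring to PermitUserEnvironment instead of the authorized_keys environment option this entry describes. Suggest placing the new sentence after the UseLogin sentence, or rewording that sentence to name the option it means.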
@@ -702,6 +706,10 @@ It can only contain empty lines, comment lines (that start with
and assignment lines of the form name=value.
The file should be writable
only by the user; it need not be readable by anyone else.
+Environment processing is disabled by default and is
+controlled via the
+.Cm PermitUserEnvironment
+option.
.It Pa $HOME/.ssh/rc
If this file exists, it is run with /bin/sh after reading the
environment files but before starting the user's shell or command.
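Review bot: the sentence added under the environment file entry names PermitUserEnvironment without saying where it is documented, whereas the reworded references earlier in this commit point to ".Xr sshd_config 5 ." Suggest adding the same cross-reference here so a reader of the FILES section can find the option, for example "option in" followed by ".Xr sshd_config 5 ."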
diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5
index 335f225f14d..947c339b8a9 100644
--- a/usr.bin/ssh/sshd_config.5
+++ b/usr.bin/ssh/sshd_config.5
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.8 2002/08/09 17:41:12 stevesk Exp $
+.\" $OpenBSD: sshd_config.5,v 1.9 2002/08/12 17:30:35 stevesk Exp $
.Dd September 25, 1999
.Dt SSHD_CONFIG 5
.Os
@@ -462,18 +462,17 @@ root is not allowed to login.
.It Cm PermitUserEnvironment
Specifies whether
.Pa ~/.ssh/environment
-is read by
-.Nm sshd
-and whether
+and
.Cm environment=
options in
.Pa ~/.ssh/authorized_keys
-files are permitted.
+are processed by
+.Nm sshd .
The default is
.Dq no .
-This option is useful for locked-down installations where
-.Ev LD_PRELOAD
-and suchlike can cause security problems.
+Enabling environment processing may enable users to bypass access
+restrictions in some configurations using mechanisms such as
+.Ev LD_PRELOAD .
.It Cm PidFile
Specifies the file that contains the process ID of the
.Nm sshd
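Review bot: in the new PermitUserEnvironment text, "Enabling environment processing may enable users to bypass access restrictions" uses "enable" twice in different senses; "may allow users to bypass" reads more cleanly. "In some configurations" is also vaguer than the removed "locked-down installations"; if a particular kind of restriction is meant, naming it next to LD_PRELOAD would help an administrator judge whether setting this to yes is safe on their host.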