X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=fa1wlcgmtZDxaukpnm66qdrxuzfofZThH4eocuco/4lNw2abQI255
	zgHHBNSUUh16yDomILUW2dBjVrs7s4RfV9jl6FObzvHRA19I0WfThLQJg+8AYaJg
	Zrko/r1lz5zUyqLfU7RKn6p3OdRHIjPe1w8bMnnIpIxEOcZMcFwOe4=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	 bh=T5qiL0y9jokjkhBpEeGuoCkWzeI=; b=SjqOHkL3PXwFkUDUbc6IBzjLVuJY
	atU9W5IwI6Ih8dE1Eg/NjxxQxvoVsu2roUyex4rDF0m/X2u+y/TN/3L9J2Z0R+qU
	qNvgnEUoLrzKVeOD+vMQ75y3h5kYHUttMgHekrMhlc9sKVFP7xMnMQr7ymye3bsi
	690iT3dTMFA46n0=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-5.9 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.3.2
X-HELO: calimero.vinschen.de
Date: Thu, 14 Aug 2014 13:20:06 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: sshd default user PATH
Message-ID: <20140814112006.GA22411@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <loom DOT 20140814T113926-374 AT post DOT gmane DOT org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;	protocol="application/pgp-signature"; boundary="SUOF0GtieIMvvwua"
Content-Disposition: inline
In-Reply-To: <loom.20140814T113926-374@post.gmane.org>
User-Agent: Mutt/1.5.23 (2014-03-12)

--SUOF0GtieIMvvwua
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Aug 14 09:56, Achim Gratz wrote:
> I'm trying to figure out how sshd comes up with the PATH for the initial
> environment.  Currently I get the Windows sytem PATH (converted to POSIX)
> and then /bin appended.  This is no good, at least /bin should be at the
> beginning of that PATH.

On other systems sshd sets $PATH to "/usr/bin:/bin:/usr/sbin:/sbin", but
on Cygwin it doesn't change $PATH and just takes what it got from
cygrunsrv so as not to break the search path for DLLs not in the system
directories.

So this is kind of a cygrunsrv problem.  It simply appends /bin to
$PATH, rather than prepending it.

> I've not been able to change this system-wide so far.  Apparently sshd has
> been built on a machine where /etc/default/login wasn't present, at least=
 it
> doesn't appear to try to read that file (or any other system file) for
> setting up the initial environment.

Right, /etc/default/login and, fwiw, any method to change $PATH from the
default path is disabled on Cygwin deliberately for the reason outlined
above.

> The /etc/sshrc is run if I create it,
> but you can't set any environment variables from within it.  I don't want=
 to
> enable user environments.
>=20
> I think it would be nice if there was a system file that could set the
> initial environment for sshd, maybe setting external_path_file to
> /etc/ssh_environment fits in better with the default Cygwin /etc layout, =
though.

It's not that simple.  It requires a code change in sshd.  However,
maybe the rigorous handling is not required anymore these days.

Anyway, even if I re-enable /etc/default/login and the standard PATH
handling in sshd, there's no way to set an arbitrary environment.  For
security reasons, sshd is very selective in the environment variables it
sets up.  From /etc/default/login, it takes *only* PATH and UMASK,
for instance.  Everything else should be set in the shell profiles.

So, here's what I'll do:

- Change cygrunsrv to prepend /bin to $PATH rather then appending it.

- Drop the Cygwin specific ignorance of /etc/default/login from the
  source code and build a new OpenSSH package.

Does that sound ok?


Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--SUOF0GtieIMvvwua
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJT7JtmAAoJEPU2Bp2uRE+gIZ4P/iXyEf0VjivKHPtaJRZfuRd1
avzHECwjUgDv8uTR3ieWE/CINVVaMPv9/a0n0rzejSUYqUCcibv5abWSYR6Sfz4q
uzNVcRmjYD3dMxiCNk4s2Sxt34ZzTGPlVXc7L/MwTs44nNx1W+y7snzhMHEIkPJc
e6p/VhznotVqxvV2imLiPqORKKyvEXNlf7IwCaLFNQ947WR/qETWYlmAn4V+LdZF
J5dEgTzZKUafO6rXHC0wg/S20w3icde6/iFAEDHBMAcjeYntf1p/r7LPS8iN6HGS
B9k5537NrKPpopHNyzVp8bqCsYidjuX6eW5H2N9xKYVtzV3gJCIWRqLZxY/ScA4F
pB1ba0sW6RWLF9We6Fww5FJ5+Im+fsWrD8KqmTkgQl+OZjT9WVdYLRNjZZLqQqEc
WR6OZJx+dTS+OgyK3C1aSEGMI2RHYHYUKN8wjqyBW8BacfWp/1YPjVYcDxjd5vrH
zdGEX1FLZ4N1kl2OXxwApjobFeJK0KU7w09Ov06reM6Y/WmoSWlXMhv3VCmeYoh8
IMsVRpknDpR0ucOVejulAa4TfY3ppM8ifANOYIX044h9pyKZuBnBs8Sn9bD9M7u+
xoLnq9UNRUNlEXr6XdZYBHFtCuhI6U3xu329XABcmfkT8eTiom45atFS1D+w0N/e
ukOE4X4atNDbcUy8WOuv
=nfyv
-----END PGP SIGNATURE-----

--SUOF0GtieIMvvwua--