> On 20 Oct 2021, at 07:40, Kyotaro Horiguchi <horikyota....@gmail.com> wrote:
>
> At Tue, 19 Oct 2021 02:44:03 -0700, Anders Kaseorg <ande...@mit.edu> wrote in
>> On 10/19/21 01:34, Kyotaro Horiguchi wrote:
>>> I tend to agree to this, but seeing ssh ignoring $HOME, I'm not sure
>>> it's safe that we follow the variable at least when accessing
>>> confidentiality(?) files. Since I don't understand the exact
>>> reasoning for the ssh's behavior so it's just my humble opinion.
>>
>> According to https://bugzilla.mindrot.org/show_bug.cgi?id=3048#c1, it
>> used to be supported to install the ssh binary as setuid. A
>> setuid/setgid binary needs to treat all environment variables with
>> suspicion: if it can be convinced to write a file to $HOME with root
>> privileges, then a user who modifies $HOME before invoking the binary
>> could cause it to write to a file that the user normally couldn’t.
>>
>> There’s no such concern for a binary that isn’t setuid/setgid. Anyone
>> with the ability to modify $HOME can be assumed to already have full
>> control of the user account.
>
> Thanks for the link. Still I'm not sure it's the fact but it sounds
> reasonable enough. If that's the case, I vote +1 for psql or other
> commands honoring $HOME.

Is the proposed change portable across all linux/unix systems we support?
Reading about indicates that it's likely to be, but neither NetBSD nor FreeBSD
have the upthread referenced wording in their manpages.

--
Daniel Gustafsson https://vmware.com/
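
The rule discussed in this thread (honor $HOME in an ordinary process, ignore it in a setuid/setgid one), as an added C example that is not code from the thread, PostgreSQL or OpenSSH. The function names `choose_home`, `running_elevated` and `resolve_home` are hypothetical, and treating an empty $HOME as unset and looking up the effective uid are assumptions of this sketch; it uses only POSIX calls.

```c
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Policy only: env_home is $HOME (may be NULL), pw_dir is the passwd entry
 * (may be NULL), elevated is nonzero for a setuid/setgid process. */
static const char *choose_home(const char *env_home, const char *pw_dir, int elevated)
{
    /* Assumption of this sketch: an empty $HOME counts as unset. */
    if (!elevated && env_home != NULL && env_home[0] != '\0')
        return env_home;
    return pw_dir; /* environment not trusted or not usable */
}

/* Real and effective ids differ when a setuid/setgid binary is run by another user. */
static int running_elevated(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Writes the chosen directory into buf; returns 0 on success, -1 on failure. */
static int resolve_home(char *buf, size_t buflen)
{
    struct passwd *pw = getpwuid(geteuid());
    const char *home = choose_home(getenv("HOME"), pw ? pw->pw_dir : NULL,
                                   running_elevated());

    if (home == NULL || strlen(home) >= buflen)
        return -1;
    memcpy(buf, home, strlen(home) + 1);
    return 0;
}

int main(void)
{
    char home[4096];

    if (resolve_home(home, sizeof home) != 0) {
        fputs("could not determine home directory\n", stderr);
        return 1;
    }
    printf("home directory: %s\n", home);
    return 0;
}
```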