Problems with environment variables in Windows 7

Larry Hall (Cygwin) reply-to-list-only-lh@cygwin.com
Thu May 13 18:12:00 GMT 2010


<http://cygwin.com/acronyms/#TOFU>.  Reformatted.

On 5/13/2010 12:10 PM, yoni shalom wrote:
> On Thu, May 13, 2010 at 6:34 PM, Larry Hall (Cygwin)
> <raw email address>  wrote:
    ^^^^^^^^^^^^^^^^^
<http://cygwin.com/acronyms/#PCYMTNQREAIYR>  Don't feed the spammers.

>> On 5/13/2010 8:36 AM, yoni shalom wrote:
>>>
>>> I don't get the user's environment variables while in ssh session.
>>> Example :
>>>
>>> //open up cygwin console
>>> yoni@yonidesk ~
>>> $ env | grep -i ProgramFiles
>>> COMMONPROGRAMFILES=C:\Program Files\Common Files
>>> PROGRAMFILES=C:\Program Files
>>> yoni@yonidesk ~
>>> $ ssh yoni@localhost
>>> Last login: Thu May 13 13:45:01 2010 from ::1
>>> yoni@yonidesk ~
>>> $ env | grep -i ProgramFiles
>>> [nothing]
>>>
>>> Fresh install of latest cygwin, everything else otherwise seems to work.
>>> Any clues ? Thanks.
>>
>> The email archives is your friend:
>>
>> <http://sourceware.org/ml/cygwin/2010-05/msg00001.html>
> I did some googling around for this to no avail. Sorry 'bout that.
>  From the conversation you referred me to :  " ... 'ssh' is a secure
> shell so it has a minimal environment...."
>
> a. Did this change in one of the newer versions ? We have a few
> machines here configured the same way and we never got this problem
> before.

It was a change from Cygwin 1.5, yes.

> b. What's the reason for "downsizing" the environment variable set ?
> If I'm already securely authenticated as X why shouldn't I see
> everything X would if he had opened a terminal locally ?

It's fine if you were comfortable with more of your environment seeping
through the 'ssh' connection.  But your comfort is not really the issue.
Exposing specifics about your environment opens any connection up to
exploitation.  This is true for 'ssh' in any environment.  Check the
email archives for a discussion of this change if you're interested in
more details.

-- 
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
216 Dalton Rd.                          (508) 893-9889 - FAX
Holliston, MA 01746

_____________________________________________________________________

A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting annoying in email?

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple



More information about the Cygwin mailing list