Re: [PATCH] Prefer getenv("HOME") to find the UNIX home directory

On 10/19/21 01:34, Kyotaro Horiguchi wrote:
> I tend to agree to this, but seeing ssh ignoring $HOME, I'm not sure
> it's safe that we follow the variable at least when accessing
> confidentiality(?) files.  Since I don't understand the exact
> reasoning for the ssh's behavior so it's just my humbole opinion.

According to https://bugzilla.mindrot.org/show_bug.cgi?id=3048#c1, it 
used to be supported to install the ssh binary as setuid.  A 
setuid/setgid binary needs to treat all environment variables with 
suspicion: if it can be convinced to write a file to $HOME with root 
privileges, then a user who modifies $HOME before invoking the binary 
could cause it to write to a file that the user normally couldn’t.

There’s no such concern for a binary that isn’t setuid/setgid.  Anyone 
with the ability to modify $HOME can be assumed to already have full 
control of the user account.

Anders