http://bugzilla.opensuse.org/show_bug.cgi?id=1206500 http://bugzilla.opensuse.org/show_bug.cgi?id=1206500#c11 --- Comment #11 from Peter Stark <peter.stark@storck.net> --- (In reply to Mark Gray from comment #10)

Removing mc fixes the bug. I like to use mc on occasion so perhaps the maintainers of mc might be interested. (Although I can do without it if need be). Nice find! However, on my system I have removed mc (don't need it anyways). Even rebooted, but with no avail. The message still comes. Maybe there are other packages using that same mechanism.

If I understand correctly what is going on, the DISPLAY variable links the X11 connection between both systems. The dbus communication then links both system in a side-channel like way and sets the environment. Therefore bypassing sshd's configuration. Which is new to me (doing Unix/Linux since mid 80's). One might say it is bypassing the security settings of ssh. On the other hand, one has to enable X11 to make this work. Which intern may imply that this environment transfer is "ok". After all that, I'm no longer certain that this is a security topic (as which I have opened it). Though, I don't like it. (LOL) Would be nice to hear/read some comments from the packagers from SUSE on that. Maybe the configure certain packages in the way the "mc" package is configured. Wait... homesrv:~ # env |grep BASH_FUNC BASH_FUNC_module%%=() { eval $($LMOD_CMD bash "$@") && eval $(${LMOD_SETTARG_CMD:-:} -s sh) BASH_FUNC_ml%%=() { eval $($LMOD_DIR/ml_cmd "$@") homesrv:~ # ls -l "$LMOD_DIR/ml_cmd" $LMOD_CMD -rwxr-xr-x 1 root root 22371 3. M�r 2022 /usr/share/lmod/lmod/libexec/lmod -rwxr-xr-x 1 root root 10345 3. M�r 2022 /usr/share/lmod/lmod/libexec/ml_cmd homesrv:~ # rpm -qf /usr/share/lmod/lmod/libexec/ml_cmd lua-lmod-8.4.28-150300.3.2.3.x86_64 homesrv:~ # rpm -qi lua-lmod ... Lmod is an Environment Module System based on Lua, Reads TCL Modules, Supports a Software Hierarchy. Distribution: SUSE Linux Enterprise 15 Hm... not sure if I can delete that RPM without causing havoc. -- You are receiving this mail because: You are on the CC list for the bug.