Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling

[Rich Felker <dalias () libc org>]

On Thu, Jul 10, 2014 at 08:52:24PM +0200, Florian Weimer wrote:
> Stephane Chazelas discovered that directory traversal issue in locale
> handling in glibc.  glibc accepts relative paths with ".." components
> in the LC_* and LANG variables.  Together with typical OpenSSH
> configurations (with suitable AcceptEnv settings in sshd_config), this
> could conceivably be used to bypass ForceCommand restrictions (or
> restricted shells), assuming the attacker has sufficient level of
> access to a file system location on the host to create crafted locale
> definitions there.

Am I correct in assuming this affects most typical git setups (e.g.
gitolite) using ssh authorized_keys files with forced commands, where
the malicious file could simply be created as part of the git
repository? Or are these usually setup to filter the environment?

Rich