--- localoptions.h
+++ localoptions.h
@@ -27,4 +27,6 @@
 #define MAX_AUTH_TRIES 2     /* limited by freetz, default 10 */
 #define AUTH_TIMEOUT 60      /* limited by freetz down to 60 seconds, default 300 */
 
+#define DEFAULT_PATH "/usr/bin:/bin:/var/bin"
+
 #endif
--- runopts.h
+++ runopts.h
@@ -137,6 +137,7 @@
         char *pubkey_plugin_options;
 #endif
 
+	char * childProcessPATH;
 } svr_runopts;
 
 extern svr_runopts svr_opts;
--- svr-chansession.c
+++ svr-chansession.c
@@ -981,7 +981,7 @@
 	addnewvar("LOGNAME", ses.authstate.pw_name);
 	addnewvar("HOME", ses.authstate.pw_dir);
 	addnewvar("SHELL", get_user_shell());
-	addnewvar("PATH", DEFAULT_PATH);
+	addnewvar("PATH", svr_opts.childProcessPATH);
 	if (chansess->term != NULL) {
 		addnewvar("TERM", chansess->term);
 	}
--- svr-runopts.c
+++ svr-runopts.c
@@ -101,6 +101,8 @@
 					"		(default port is %s if none specified)\n"
 					"-P PidFile	Create pid file PidFile\n"
 					"		(default %s)\n"
+					"-x PATH		Set PATH environment variable of child processes\n"
+					"		(default %s)\n"
 #if INETD_MODE
 					"-i		Start for inetd\n"
 #endif
@@ -133,6 +135,7 @@
 #endif
 					MAX_AUTH_TRIES,
 					DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT, DROPBEAR_PIDFILE,
+					DEFAULT_PATH,
 					DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT);
 }
 
@@ -175,6 +178,7 @@
 	svr_opts.hostkey = NULL;
 	svr_opts.delay_hostkey = 0;
 	svr_opts.pidfile = DROPBEAR_PIDFILE;
+	svr_opts.childProcessPATH = NULL;
 #if DROPBEAR_SVR_LOCALTCPFWD
 	svr_opts.nolocaltcp = 0;
 #endif
@@ -264,6 +268,9 @@
 				case 'P':
 					next = &svr_opts.pidfile;
 					break;
+				case 'x':
+					next = &svr_opts.childProcessPATH;
+					break;
 #if DO_MOTD
 				/* motd is displayed by default, -m turns it off */
 				case 'm':
@@ -374,6 +381,10 @@
 	}
 #endif
 
+	if (svr_opts.childProcessPATH == NULL) {
+		svr_opts.childProcessPATH = DEFAULT_PATH;
+	}
+
 	if (svr_opts.bannerfile) {
 		struct stat buf;
 		if (stat(svr_opts.bannerfile, &buf) != 0) {