[Bug 2105] New: ssh-copy-id leads to rm -f * (local vs. dash)

[bugzilla-daemon at mindrot.org]

https://bugzilla.mindrot.org/show_bug.cgi?id=2105

            Bug ID: 2105
           Summary: ssh-copy-id leads to rm -f * (local vs. dash)
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: 6.2p1
          Hardware: Other
               URL: http://bugs.debian.org/708419
                OS: Linux
            Status: NEW
          Severity: major
          Priority: P5
         Component: Miscellaneous
          Assignee: unassigned-bugs at mindrot.org
          Reporter: cjwatson at debian.org

Cyril Brulebois filed this bug in Debian:

"""
ssh-copy-id uses "local" while pretending to be POSIX compliant
(/bin/sh
as a shebang). Unfortunately, lack of error handling meands that this
isn't caught:
  local L_TMP_ID_FILE=$(mktemp ~/.ssh/ssh-copy-id_id.XXXXXXXXXX)
  trap "rm -f $L_TMP_ID_FILE*" EXIT TERM INT QUIT

mktemp succeeds but dash doesn't like local:
| $ dash
| $ local foo=bar
| dash: 1: local: not in a function
| $ echo $foo
|
| $

Which leads to:
  rm -f *

=> Nasty!

Traced back to 1:6.2p1-1 due to:
     - Update ssh-copy-id to Phil Hands' greatly revised version
       (closes: #99785, #322228, #620428; LP: #518883, #835901,
#1074798).

(Tagging "upstream" as it's also mention in upstream's ChangeLog.)

debdiffing both 6.1p1-4 and 1:6.2p1-1 confirms that the regression
was introduced in the latter (there was no "local" before).
"""

I think this may be a misdiagnosis; the "local" here is in a function. 
But, regardless of the exact cause, I wanted to make sure this was
forwarded to you in time for 6.2p2.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.