[Bug 2081] extend the parameters to the AuthorizedKeysCommand

bugzilla-daemon at mindrot.org
Tue Mar 25 08:45:10 EST 2014


https://bugzilla.mindrot.org/show_bug.cgi?id=2081

--- Comment #10 from Daniel Kahn Gillmor <dkg at fifthhorseman.net> ---
In discussion on the mailing list, I also pointed out that the argv are
more likely to leak to other processes on the host than the
environment:

  http://marc.info/?l=openssh-unix-dev&m=139553657027791&w=2

If you think we should make everything available in the same space,
maybe we should also make the user name available in the environment?

IIRC, the AuthorizedKeysCommand was initially implemented as a single
executable program with no configurable extra arguments,
shell-metacharacters, percent-escaping, or anything else complicated to
try to avoid creating a footgun for administrators who might put
something over-fancy in the config file, since this command will be
triggered by arbitrary remote network access (because it happens before
authentication/authorization).

Keeping the interface as minimally-configurable as possible seems to
try to keep to that same goal.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
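
An added example, not part of the comment above and not OpenSSH code: a minimal AuthorizedKeysCommand helper that treats the user name it receives as untrusted, since sshd runs it before authentication. The key directory, its one-file-per-account layout and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Hypothetical AuthorizedKeysCommand helper (added example).
# sshd passes the login name being attempted as the single argument; that
# name comes from an unauthenticated network peer, so it is validated
# before it is used to build a path.
LC_ALL=C; export LC_ALL          # make the a-z range below byte-exact

# Assumed layout: one file of public keys per account under KEY_DIR.
KEY_DIR="${KEY_DIR:-/etc/ssh/authorized_keys.d}"   # hypothetical path

# valid_username NAME: succeed only for a conservative account-name shape.
valid_username() {
    case "$1" in
        ''|-*|.*) return 1 ;;          # empty, option-like, or dot-leading
        *[!a-z0-9_.-]*) return 1 ;;    # allow-list; rejects '/', ';', spaces
    esac
    [ "${#1}" -le 32 ]
}

# lookup_keys NAME: print the keys stored for NAME.
# Invalid names fail with status 1; unknown names print nothing.
lookup_keys() {
    valid_username "$1" || return 1
    keyfile="$KEY_DIR/$1"
    # Serve regular files only, never a symlink planted in KEY_DIR.
    [ -f "$keyfile" ] && [ ! -L "$keyfile" ] || return 0
    cat -- "$keyfile"
}

# Act as the helper only when called with exactly one argument.
if [ "$#" -eq 1 ]; then
    lookup_keys "$1"
fi
```

The helper takes no options and never passes the name to a shell or to eval, in keeping with the minimal interface the comment argues for.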

