[Bug 2471] New: "match exec" prepends "exec" to its command
bugzilla-daemon at bugzilla.mindrot.org
Wed Sep 23 23:04:33 AEST 2015
https://bugzilla.mindrot.org/show_bug.cgi?id=2471
Bug ID: 2471
Summary: "match exec" prepends "exec" to its command
Product: Portable OpenSSH
Version: 7.1p1
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: res at qoxp.net
The "match exec" feature in ssh_config does this:
    static int
    execute_in_shell(const char *cmd)
    {
    ...
        /*
         * Use "exec" to avoid "sh -c" processes on some platforms
         * (e.g. Solaris)
         */
        xasprintf(&command_string, "exec %s", cmd);
This is a problem, because it assumes the user's shell supports a
particular command syntax, beyond just requiring that it support the
"$SHELL -c <command>" convention. For example, if your shell is fish
and you have e.g.:
    match exec "getent passwd %u | grep -q NOT_THERE"
This doesn't work, because:
    $ fish -c "getent passwd res | grep -q NOT_THERE" && echo match
    $ fish -c "exec getent passwd res | grep -q NOT_THERE" && echo match
    res:x:11500:11500::/home/res:/bin/bash
    match
... and of course, the shell might not have an "exec" command at all. I
think you should just remove this optimization. At least, it should be
documented if you leave it in; ssh_config(1) only says:
    The exec keyword executes the specified command under the user’s
    shell.
Thanks,
Richard E. Silverman
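
Added example (not part of the original report and not OpenSSH code): a POSIX sh check that runs a command under a given shell both as written and with the "exec " prefix that execute_in_shell() builds, and reports whether the exit status, and so the "match exec" result, changes. The function names and the shell_without_exec stand-in are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: does prepending "exec " change what "$SHELL -c CMD" returns?

# status_under SHELL CMD: print the exit status of `SHELL -c CMD`.
# SHELL may be a path (e.g. /usr/bin/fish) or a shell function name.
status_under() {
    rc=0
    "$1" -c "$2" >/dev/null 2>&1 || rc=$?
    echo "$rc"
}

# exec_prefix_changes_result SHELL CMD
# Returns 0 (true) when "exec CMD" exits differently from CMD, i.e. when a
# "match exec" line would not evaluate the way it was written.
exec_prefix_changes_result() {
    plain=$(status_under "$1" "$2")
    prefixed=$(status_under "$1" "exec $2")
    [ "$plain" != "$prefixed" ]
}

# Constructed stand-in (hypothetical) for a shell that has no "exec" command:
# it accepts "-c CMD", rejects a CMD starting with "exec ", and otherwise
# hands CMD to /bin/sh.
shell_without_exec() {
    [ "$1" = "-c" ] || return 2
    case $2 in
        exec\ *) echo "unknown command: exec" >&2; return 127 ;;
        *) /bin/sh -c "$2" ;;
    esac
}

# Check the current login shell with a constructed pipeline whose status
# depends on its last element, as in the report's getent | grep case.
if exec_prefix_changes_result "${SHELL:-/bin/sh}" "true | false"; then
    echo "${SHELL:-/bin/sh}: \"exec\" prefix changes the result"
else
    echo "${SHELL:-/bin/sh}: result unchanged by \"exec\" prefix"
fi
```

With /bin/sh the two forms agree for a pipeline; the stand-in shows the other case the report raises, a shell with no "exec" at all, where every prefixed command fails.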