[Bug 3142] ProxyCommand should be interpreted by a fixed shell like /bin/sh .
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Wed Apr 1 00:16:30 AEDT 2020
https://bugzilla.mindrot.org/show_bug.cgi?id=3142
--- Comment #8 from Tetsuo Handa <penguin-kernel at I-love.SAKURA.ne.jp> ---
(For the record)
Although Apache's login shell is /sbin/nologin , it is meant not to
allow shell login. Apache's CGI program is given freedom to use
arbitrary executable specified in the CGI program (i.e. not only
restricted shells but /bin/bash and perl and python). Therefore, for
processes invoked from CGI, it is an unexpected behavior that
/usr/bin/ssh uses /sbin/nologin for interpreting ProxyCommand. But
since CGI program can also set SHELL environment variable, setting
SHELL environment variable is the correct approach for preventing
/usr/bin/ssh from using /sbin/nologin .
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list