[Bug 3142] ProxyCommand should be interpreted by a fixed shell like /bin/sh .

bugzilla-daemon at mindrot.org
Wed Apr 1 00:16:30 AEDT 2020


https://bugzilla.mindrot.org/show_bug.cgi?id=3142

--- Comment #8 from Tetsuo Handa <penguin-kernel at I-love.SAKURA.ne.jp> ---
(For the record)

Although Apache's login shell is /sbin/nologin , it is meant not to
allow shell login. Apache's CGI program is given freedom to use an
arbitrary executable specified in the CGI program (i.e. not only
restricted shells but /bin/bash and perl and python). Therefore, for
processes invoked from CGI, it is unexpected behavior that
/usr/bin/ssh uses /sbin/nologin for interpreting ProxyCommand. But
since a CGI program can also set the SHELL environment variable, setting
the SHELL environment variable is the correct approach for preventing
/usr/bin/ssh from using /sbin/nologin .

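An added example, not part of the original comment and not OpenSSH code: one way a CGI program could pin SHELL for its ssh child, as the comment recommends. The helper names, the choice of /bin/sh (taken from the bug title) and the set of non-shell stubs are assumptions; `run_via_shell` is only a stand-in that models ssh handing ProxyCommand to `$SHELL -c`.

```python
import os
import stat
import subprocess

FIXED_SHELL = "/bin/sh"             # assumption: the fixed shell named in the bug title
NON_SHELL_STUBS = {"nologin", "false"}  # assumption: programs that refuse to run commands


def usable_shell(path):
    """True if path is an absolute, executable regular file and not a nologin-style stub."""
    if not path or not os.path.isabs(path):
        return False
    if os.path.basename(path) in NON_SHELL_STUBS:
        return False
    try:
        mode = os.stat(path).st_mode
    except OSError:
        return False
    return stat.S_ISREG(mode) and os.access(path, os.X_OK)


def ssh_child_env(parent_env, shell=FIXED_SHELL):
    """Return a copy of parent_env with SHELL pinned, so the account's
    /sbin/nologin is never what interprets ProxyCommand."""
    if not usable_shell(shell):
        raise ValueError(f"{shell!r} cannot interpret ProxyCommand")
    env = dict(parent_env)
    env["SHELL"] = shell
    return env


def run_via_shell(command, env):
    """Stand-in for ssh (hypothetical): run `command` with $SHELL -c."""
    return subprocess.run([env["SHELL"], "-c", command], env=env,
                          capture_output=True, text=True, timeout=10)


def run_ssh(args, parent_env=None):
    """What the CGI program would call instead of invoking ssh directly."""
    env = ssh_child_env(os.environ if parent_env is None else parent_env)
    return subprocess.run(["/usr/bin/ssh", *args], env=env,
                          capture_output=True, text=True)


if __name__ == "__main__":
    # Constructed environment resembling what a CGI process might inherit.
    cgi_env = {"PATH": "/usr/bin:/bin", "SHELL": "/sbin/nologin"}
    result = run_via_shell("echo proxy-ok", ssh_child_env(cgi_env))
    print(result.returncode, result.stdout.strip())
```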