[Bug 3477] Support environment variable or %u token for User
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Fri Feb 28 21:02:40 AEDT 2025
https://bugzilla.mindrot.org/show_bug.cgi?id=3477
--- Comment #5 from Darren Tucker <dtucker at dtucker.net> ---
(In reply to Darren Tucker from comment #4)
> This wouldn't be very hard to add, but one question I have is: are
> there any extant systems that use '%' or '${}' in their native
> usernames?
To partially answer my own question: at least {} is currently
disallowed:
static int
valid_ruser(const char *s)
{ [...]
for (i = 0; s[i] != 0; i++) {
if (strchr("'`\";&<>|(){}", s[i]) != NULL)
return 0;
and without the {}, a $ is just a literal:
$ ssh -o User='$FOO' localhost -G | grep user
user $FOO
and a '%' can escape itself, so it's still possible to send one if
necessary:
$ ssh -o User='%%' localhost -G | grep user
user %
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list