[Bug 3884] The SSH_AUTH_SOCK variable is not quoted
    bugzilla-daemon at mindrot.org 
    Thu Oct 23 17:36:50 AEDT 2025
    
https://bugzilla.mindrot.org/show_bug.cgi?id=3884
--- Comment #4 from Beat Bolli <me+mindrot at drbeat.li> ---
(In reply to Damien Miller from comment #3)
> Does it need to deal with other shell metacharacters?
> 
> If we do need to care about them, then maybe ssh-agent should just
> check for their presence and either refuse to start or automatically
> use /tmp for the agent sockets.

It boils down to whether we consider $HOME attacker-controlled or not.
If an attacker can control $HOME, the user may have bigger security
issues than ssh-agent...
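An added example, not OpenSSH code and not part of this thread: the two options raised above for a socket path that will be `eval`'d by the user's shell, either quote it so no metacharacter is interpreted, or check for anything outside a plain character set and fall back. It assumes the Bourne-style output form `SSH_AUTH_SOCK=<path>; export SSH_AUTH_SOCK;`; the function names and the sample path are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from ssh-agent.

# sh_quote VALUE: print VALUE as one single-quoted sh word.
# Inside single quotes only ' is special; it is emitted as '\''
# (close the quote, an escaped quote, reopen the quote).
sh_quote() {
    _rest=$1 _out=
    while :; do
        case $_rest in
            *\'*)
                _head=${_rest%%\'*}       # text before the first '
                _out="$_out$_head'\\''"
                _rest=${_rest#*\'}        # text after the first '
                ;;
            *)  _out="$_out$_rest"; break ;;
        esac
    done
    printf "'%s'" "$_out"
}

# emit_agent_env PATH: the line a caller would pass to eval, with the
# value quoted instead of printed raw.
emit_agent_env() {
    printf 'SSH_AUTH_SOCK=%s; export SSH_AUTH_SOCK;\n' "$(sh_quote "$1")"
}

# path_is_plain PATH: the alternative from comment #3. Succeeds only if
# PATH is non-empty and made of a conservative allow-list of characters,
# so the caller can refuse to start or fall back to /tmp otherwise.
path_is_plain() {
    case $1 in
        ''|*[!A-Za-z0-9_./+:@%,-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# round_trip PATH: eval the emitted line in a subshell and print what
# the shell ended up with in SSH_AUTH_SOCK.
round_trip() {
    ( unset SSH_AUTH_SOCK
      eval "$(emit_agent_env "$1")"
      printf '%s' "$SSH_AUTH_SOCK" )
}

# Constructed sample: a home directory containing a quote, a space and a $.
sample="/home/o'brien \$USER/.ssh/agent/s.1"
emit_agent_env "$sample"
```

Quoting preserves whatever path the user has, while the allow-list check rejects it outright; which is appropriate depends on the trust question about `$HOME` raised in the reply.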