[Bug 3884] The SSH_AUTH_SOCK variable is not quoted

[bugzilla-daemon at mindrot.org]

https://bugzilla.mindrot.org/show_bug.cgi?id=3884

Simon Josefsson <simon at josefsson.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |simon at josefsson.org

--- Comment #5 from Simon Josefsson <simon at josefsson.org> ---
I recall some other code that consider HOME potentially
attacker-controller and use `getpwent` to get a "trusted" path to the
user's home directory.  This may be an option here?

Still, it is valid to have /etc/passwd home folders with SPC in the
name, so things shouldn't break on that.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.