scp not tolerant of extraneous shell messages

Nicolas.Williams at ubsw.com Nicolas.Williams at ubsw.com
Wed Jul 3 01:57:41 EST 2002 

On Tue, 2 Jul 2002, Ben Lindstrom wrote:
> On Tue, 2 Jul 2002, Markus Friedl wrote:
> > more people think the shell should always be involved.
> >
> > otherwise you can still sftp if the shell is set
> > to /bin/false for example.
> 
> Only way around it would be trusting /etc/shells

You still need to execute the shell because of environmental
issues, some of which can't be handled through mechanisms
provided by OpenSSH (e.g., umask). The umask could be made
settable through auth_keys options or other ~/.ssh mechanisms,
but even so, that would mean that users would have to setup
such things in multiple locations and, in any case, it really
would be surprising if shell initialization were not done at
all (it's certainly a very useful thing).

Why can't users learn? This is really a FAQ and you could
probably automate the closing of bug reports filed about
it :) :)

Year ago I must have made the same mistake - heck, I remember
making the mistake of writing test.c, compiling, running
"test" and nothing happening. Yeah, let's rename /bin/test,
yeah - oh and change all the shells too (after they stop
working :) - NOT.

This is just another Unix-ism - we learn to live with and to
love it because there is expressive power implied within that
we don't want to give up. So please keep using the shell to
invoke sub-system servers.


> - Ben


Cheers,

Nico
-- 

Visit our website at http://www.ubswarburg.com

This message contains confidential information and is intended only 
for the individual named.  If you are not the named addressee you 
should not disseminate, distribute or copy this e-mail.  Please 
notify the sender immediately by e-mail if you have received this 
e-mail by mistake and delete this e-mail from your system.

E-mail transmission cannot be guaranteed to be secure or error-free 
as information could be intercepted, corrupted, lost, destroyed, 
arrive late or incomplete, or contain viruses.  The sender therefore 
does not accept liability for any errors or omissions in the contents 
of this message which arise as a result of e-mail transmission.  If 
verification is required please request a hard-copy version.  This 
message is provided for informational purposes and should not be 
construed as a solicitation or offer to buy or sell any securities or 
related financial instruments.

More information about the openssh-unix-dev mailing list