AuthorizedKeysCommand size issue?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Apr 16 04:31:42 EST 2014


On 04/15/2014 09:47 AM, Dag-Erling Smørgrav wrote:
> Or even 'echo "$(curl ...)"'

This is potentially dangerous if curl produces a string that starts with
a hyphen ("-"); in this case, echo will interpret the string as a set of
option flags instead of as an argument to be repeated.

You might prefer:

  printf "%s "$(curl ...)"

But i do also share damien's general automatic aversion to using curl in
this context, *especially* over cleartext HTTP.  yikes!

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20140415/96f6d5c4/attachment.bin>


More information about the openssh-unix-dev mailing list