Why are the arguments supplied for the command run through ssh interpreted by shell before they are passed to the command on the server side?

Yuri yuri at rawbw.com
Tue Jan 14 06:23:30 AEDT 2020

On 2020-01-13 00:14, Jochen Bern wrote:
> Because sshd ignoring the target account's configured, possibly
> restricted, shell and running whatever executable the client asked for
> would promise to be a backdoor large enough to drive an aircraft carrier
> through. Sideways.
> Not to mention that running commands on the server without having the
> login shell set up the environment - $PATH, $LD_LIBRARY_PATH, etc. etc.
> - would very likely be an issue no less complicated than figuring out
> the nested quoting.

Your objection is really only about how the command is handled, not its 
arguments, and my concern is mostly how arguments are expanded.

So I would reformulate my suggestion:

              Disable command arguments expansion. When the command is

              run remotely, ssh passes arguments to the remote command

              verbatim, as they were supplied, without any expansions. The

              command itself is treated the same way as commands are

              treated without the -z argument.


More information about the openssh-unix-dev mailing list