command [argument ...] in ssh(1): a footgun
raf
ssh at raf.org
Tue May 30 09:52:59 AEST 2023
On Mon, May 29, 2023 at 06:35:34PM +0000, Peter Stuge <peter at stuge.se> wrote:
> raf wrote:
> > Not knowing the details of each user's login shell is
> > precisely the reason that ssh couldn't ever do the
> > quoting itself.
>
> The footgun is unrelated to shells.
>
> The SSH_MSG_CHANNEL_REQUEST protocol message for "exec" (RFC 4254)
> channels which are used to run a single remote command contains
> exactly one string for the command.
>
> sshd (see bottom of do_child() in session.c) runs that command string as:
>
> remote_users_shell -c command

I'm aware of that. That's why I said what I said.
Sorry, but I don't understand what point you are making.

> //Peter
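
The behaviour both messages describe, as an added example that is not part of either post or of OpenSSH: the client's arguments are flattened into the single "exec" command string, which the login shell then re-parses. The function names are hypothetical, a local `/bin/sh -c` stands in for sshd, and the quoting helper assumes the remote login shell follows POSIX sh quoting rules.

```python
import shlex
import subprocess

def naive_command(args):
    # Model of the client side: the command and its arguments are joined
    # with single spaces into the one string an "exec" request carries.
    return " ".join(args)

def quoted_command(args):
    # Caller-side fix: quote each argument before joining.
    # Assumption: the remote login shell follows POSIX sh quoting rules.
    return " ".join(shlex.quote(a) for a in args)

def run_as_sshd_would(command, login_shell="/bin/sh"):
    # Local stand-in for the server side quoted above:
    #   remote_users_shell -c command
    done = subprocess.run([login_shell, "-c", command],
                          capture_output=True, text=True, check=True)
    return done.stdout

# Constructed sample: printf echoes each argument it receives, comma-terminated.
SAMPLE = ["printf", "%s,", "my file.txt", "x  y"]

if __name__ == "__main__":
    for build in (naive_command, quoted_command):
        cmd = build(SAMPLE)
        print(f"{build.__name__}: {cmd!r} -> {run_as_sshd_would(cmd)!r}")
```

With the naive join, the two arguments after the format arrive at `printf` as four; with per-argument quoting the original boundaries survive the shell's re-parse.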
More information about the openssh-unix-dev mailing list