Call for testing: OpenSSH 9.7

Bob Proulx bob at
Sat Mar 9 13:12:27 AEDT 2024

Darren Tucker wrote:
> [0]
> """
> Applications should note that the standard PATH to the shell cannot be
> assumed to be either /bin/sh or /usr/bin/sh, and should be determined
> by interrogation of the PATH returned by getconf PATH , ensuring that
> the returned pathname is an absolute pathname and not a shell
> built-in.
> """

This issue and the recent non-bsd distro file system locate thrashes
has me now seeing "#!/usr/bin/env sh" which when I saw that the first
time had me cringing but now I am writing that myself to work around
the problem.  And then of course I am using only portable shell
features so it does not matter which shell I get from that family.

As to avoiding the user's login shell which might be anything I have
for a long time been doing this when I don't need stdin.  (Standard
input is used by the here-doc.)

    ssh /usr/bin/env sh <<EOF
    echo one "t  w  o" three

And then quoting is simplified because stdin only goes through one
layer of shell interpretation.


More information about the openssh-unix-dev mailing list