[Bug 2081] extend the parameters to the AuthorizedKeysCommand
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Tue Mar 25 08:45:10 EST 2014
https://bugzilla.mindrot.org/show_bug.cgi?id=2081
--- Comment #10 from Daniel Kahn Gillmor <dkg at fifthhorseman.net> ---
in discussion on the mailing list, i also pointed out that the argv are
more likely to leak to other processes on the host than the
environment:
http://marc.info/?l=openssh-unix-dev&m=139553657027791&w=2
If you think we should make everything available in the same space,
maybe we should also make the user name available in the environment?
iirc, the AuthorizedKeysCommand was initially implemented as a single
executable program with no configurable extra arguments,
shell-metacharacters, percent-escaping, or anything else complicated to
try to avoid creating a footgun for administrators who might put
something over-fancy in the config file, since this command will be
triggered by arbitrary remote network access (because it happens before
authentication/authorization).
Keeping the interface as minimally-configurable as possible seems to
try to keep to that same goal.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list