[Bug 2081] extend the parameters to the AuthorizedKeysCommand
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Mon Feb 9 16:55:11 AEDT 2015
https://bugzilla.mindrot.org/show_bug.cgi?id=2081
--- Comment #28 from Damien Miller <djm at mindrot.org> ---
I'm not sure about splitting arguments in sshd, I think I'd prefer to
just pass the whole AuthorizedKeysCommand to the shell like the current
code (and all other *command options in ssh/sshd).
Beyond the username (which must exist in the system password database)
and key text (which cannot contain shell metacharacters), there are no
attacker-controllable values in the command and so it should be quite
safe to pass to the shell.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list