[Bug 3200] Will future versions of openssh fix CVE-2020-15778?

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Mon Apr 12 19:22:42 AEST 2021


--- Comment #2 from kircher <kircherlike at outlook.com> ---
Maybe we can prevent this by configuring the mandatory command.
A simple example is:

ForceCommand if [[ -z $SSH_ORIGINAL_COMMAND ]];then exec /bin/bash
-il;elif [[ -z "$(echo $SSH_ORIGINAL_COMMAND | grep scp | grep '`')"
]];then exec /bin/bash -c "$SSH_ORIGINAL_COMMAND";else echo backquote
not allow in scp;fi

You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

More information about the openssh-bugs mailing list