Daniel Kahn Gillmor <dkg@xxxxxxxxxxxxxxxxx> writes: > Dag-Erling Smørgrav <des@xxxxxx> writes: > > Or even 'echo "$(curl ...)"' > This is potentially dangerous if curl produces a string that starts with > a hyphen ("-"); in this case, echo will interpret the string as a set of > option flags instead of as an argument to be repeated. Technically, you're right. In practice, it doesn't matter. The worst that will happen is that echo will print something other than the contents of the file, and even that can only happen if the file contains only "-n" or "-e", neither of which is a valid authorized_keys file. DES -- Dag-Erling Smørgrav - des@xxxxxx _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev