Re: AuthorizedKeysCommand size issue?

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 

Daniel Kahn Gillmor <dkg@xxxxxxxxxxxxxxxxx> writes:
> Dag-Erling Smørgrav <des@xxxxxx> writes:
> > Or even 'echo "$(curl ...)"'
> This is potentially dangerous if curl produces a string that starts with
> a hyphen ("-"); in this case, echo will interpret the string as a set of
> option flags instead of as an argument to be repeated.

Technically, you're right.

In practice, it doesn't matter.  The worst that will happen is that echo
will print something other than the contents of the file, and even that
can only happen if the file contains only "-n" or "-e", neither of which
is a valid authorized_keys file.

DES
-- 
Dag-Erling Smørgrav - des@xxxxxx
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux