Re: Explicitly call out host in SSH invocation?

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Fri, Aug 11, 2017 at 2:05 PM Ben Lindstrom <mouring@xxxxxxxxxxxxxx> wrote:
> Why would they not do:  ssh -p 22  -- hostname  cmd to run
>
> That would ensure that no more parsed options happen.  Seems much more
> sane idea than the hack they put in.

Thanks Ben and Jakub for your replies. While I've seen `--` used from
time to time, I didn't realize it's significance, that `--` is a POSIX
convention to indicate no more option parsing, so I'm glad I asked as
I've now learned something (how to avoid a new class of "option
injection" attack that I haven't seen referenced before).

I agree that would have been a better fix for them - apparently they
had compatibility reasons for not doing so.

Cheers, Adam
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux