On Fri, 29 Sep 2017, Darren Tucker wrote: > On 29 September 2017 at 15:47, Damien Miller <djm@xxxxxxxxxxx> wrote: > > On Fri, 29 Sep 2017, Iain Morgan wrote: > > > >> Actually, according to OpenBSD's printenv(1) man page, it first appeared > >> in 2BSD. The man page on OS X claims it was BSD 3.0. However, it doesn't > >> appear to be part of any standard. > > of the systems I have available here: the BSDs Linux and AIX have it. > Solaris doesn't have it in the standard path but it is in /usr/ucb. > > >> Your suggestion ran into the same issue as the original test, but > >> escaping the evaluation by the user's shell appears to work: > >> > >> 'test -z `sh -c "echo \$SSH_USER_AUTH"`' || fail "SSH_USER_AUTH present" > > Well escaping something for the user's shell depends on the shell's > escaping rules. > > > How about: > > Or how about we do the escaping on the client side where we know what > the rules are and feed it to /bin/sh over stdin? Then it shouldn't > matter what the shell is. > > test -z $(echo 'echo $SSH_USER_AUTH' | env SSH_USER_AUTH=blah ${SSH} -F \ > $OBJ/ssh_proxy x /bin/sh) || fail "SSH_USER_AUTH present" All the escaping is on the client side in my patch, what gets sent is: exec sh -c 'test -z "$SSH_USER_AUTH"' which is IMO pretty unambiguous -d _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev