On 2020-01-13 00:14, Jochen Bern wrote:
Because sshd ignoring the target account's configured, possibly restricted, shell and running whatever executable the client asked for would promise to be a backdoor large enough to drive an aircraft carrier through. Sideways. Not to mention that running commands on the server without having the login shell set up the environment - $PATH, $LD_LIBRARY_PATH, etc. etc. - would very likely be an issue no less complicated than figuring out the nested quoting.
Your objection is really only about how the command is handled, not its arguments, and my concern is mostly how arguments are expanded.
So I would reformulate my suggestion: -z Disable command arguments expansion. When the command is run remotely, ssh passes arguments to the remote command verbatim, as they were supplied, without any expansions. The command itself is treated the same way as commands are treated without the -z argument. Yuri _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
