On Tue, Aug 04, 2020 at 01:29:52AM +0200, Thorsten Glaser <t.glaser@xxxxxxxxx> wrote: > On Tue, 4 Aug 2020, raf wrote: > > > In such cases, this vulnerability can be mitigated by > > the use of an ssh-specific command whitelisting control > > such as: > > Probably just as easy: give the user a restricted shell > (/bin/rmksh) as shell and set their PATH etc. suitably, > to not include any other commands. > > bye, > //mirabilos > PS: Full disclosure: I’m the mksh developer I've thought of a valid use for this kind of behaviour that someone might actually be relying on. :-) scp sourcefile remoteserver:'`[ -d /a/b/c ] || mkdir -p /a/b/c`/a/b/c/targetfile' (i.e. ensure that the destination directory exists before writing the file to it) cheers, raf _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
