Re: command [argument ...] in ssh(1): a footgun

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Fri, 26 May 2023, Mingye Wang (Artoria2e5) wrote:

> ssh(1) currently affords an argument-passing functionality, but as the manpage
> states, all arguments are simply concatenated by space.

How else would it do that? The arguments are processed by the
shell first then passed as an array of NUL-terminated strings.

> The modest proposal is that we put a giant CAVEATS section in the manual page.

That might be useful indeed.

> The less modest one is we throw out the "[argument ...]" part altogether. It

Absolutely not. This will break about all uses of ssh in existence.

> What about escaping the arguments? Nobody said the user has to use a POSIX

Absolutely not. This will break almost all uses of ssh in existence.

bye,
//mirabilos
-- 
Infrastrukturexperte • tarent solutions GmbH
Am Dickobskreuz 10, D-53121 Bonn • http://www.tarent.de/
Telephon +49 228 54881-393 • Fax: +49 228 54881-235
HRB AG Bonn 5168 • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

                        ****************************************************
/⁀\ The UTF-8 Ribbon
╲ ╱ Campaign against      Mit dem tarent-Newsletter nichts mehr verpassen:
 ╳  HTML eMail! Also,     https://www.tarent.de/newsletter
╱ ╲ header encryption!
                        ****************************************************
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux