Re: command [argument ...] in ssh(1): a footgun

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


On Sat, 27 May 2023, raf wrote:

>So, perhaps this could be added to the existing
>  "so any spaces in individual arguments must be

Must they? No, a single space will do just fine.

>  quoted using the syntax of the destination
>  user's login shell".
… keeping in mind the source shell’s quoting as well.

>If an example were needed, something like these should
>make it clear:
>  ssh user@host ls -l "'a b'"
>  ssh user@host "ls -l a\ b"

This one, incidentally, sends 'ls -l a b' to the remote shell.
   ssh user@host "ls -l a\\ b"
has the effect you want; the first backslash is eaten by the
local shell.

>  ssh user@host "ls -l 'a b'"

But you could also just do:
   ssh user@host ls -l \'a b\'

Only if it’s more than one space, or different whitespace,
does this come into effect.

The more important point is things like pipes and redirections anyway.

>Putting the extra information in a separate CAVEAT
>section is less helpful. I think it's better to put it
>where the feature itself is documented. People looking

Perhaps, perhaps not. Too much information in one place might have
the opposite effect. I’d rather give a short line there, with a
reference to .Sx CAVEATS below.

>Not knowing the details of each user's login shell is
>precisely the reason that ssh couldn't ever do the

Yes, exactly.

But for…
	ssh remhost ls -l \>foo

… it MUST NOT quote the I/O redirection sign, otherwise
the redirection would not work. That’s why I’m saying it
needs not and must not quote.

//mirabilos (current developer of a POSIX-compatible shell)
Infrastrukturexperte • tarent solutions GmbH
Am Dickobskreuz 10, D-53121 Bonn •
Telephon +49 228 54881-393 • Fax: +49 228 54881-235
HRB AG Bonn 5168 • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

/⁀\ The UTF-8 Ribbon
╲ ╱ Campaign against      Mit dem tarent-Newsletter nichts mehr verpassen:
 ╳  HTML eMail! Also,
╱ ╲ header encryption!
openssh-unix-dev mailing list

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux