Re: command [argument ...] in ssh(1): a footgun

On Mon, May 29, 2023 at 06:35:34PM +0000, Peter Stuge <peter@xxxxxxxx> wrote:

> raf wrote:
> > Not knowing the details of each user's login shell is
> > precisely the reason that ssh couldn't ever do the
> > quoting itself.
> 
> The footgun is unrelated to shells.
> 
> The SSH_MSG_CHANNEL_REQUEST protocol message for "exec" (RFC 4254)
> channels which are used to run a single remote command contains
> exactly one string for the command.
> 
> sshd (see bottom of do_child() in session.c) runs that command string as:
> 
> remote_users_shell -c command

I'm aware of that. That's why I said what I said.
Sorry, but I don't understand what point you are making.

> //Peter
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
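
The behaviour quoted above (one command string in the "exec" request, run as the user's shell with -c) can be reproduced locally. The following is an added example, not part of the original message or of OpenSSH: it assumes a POSIX sh as the remote login shell, and the function names and the sample file name are made up for illustration.

```sh
#!/bin/sh
# Added example: simulates the ssh "exec" path locally; no network or ssh needed.

# ssh(1) joins "command [argument ...]" with single spaces into the one
# string that the "exec" channel request carries.
exec_string() (
    s=
    for w in "$@"; do s="${s:+$s }$w"; done
    printf '%s' "$s"
)

# sshd then runs: <user's shell> -c <that string>.
# Assumption: the remote login shell is a POSIX sh.
remote_run() {
    sh -c "$1"
}

# Quote one word for a POSIX shell: wrap it in single quotes and
# rewrite each embedded ' as '\''.
sh_quote() (
    rest=$1 out=
    while :; do
        case $rest in
            *\'*) head=${rest%%\'*}; out="$out$head'\\''"; rest=${rest#*\'} ;;
            *) break ;;
        esac
    done
    printf "'%s'" "$out$rest"
)

# Build the exec string with every word quoted, so the remote shell
# reconstructs the original argument vector.
quoted_exec_string() (
    s=
    for w in "$@"; do s="${s:+$s }$(sh_quote "$w")"; done
    printf '%s' "$s"
)

# Constructed sample: one argument that contains a space.
naive=$(exec_string printf '%s,' 'my file.txt')
safe=$(quoted_exec_string printf '%s,' 'my file.txt')
echo "naive : $naive -> $(remote_run "$naive")"
echo "quoted: $safe -> $(remote_run "$safe")"
```

The quoting rule in sh_quote is only correct for a POSIX-style shell; a remote account with a different login shell needs that shell's own quoting rules.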


