this post was submitted on 14 Jul 2023

[–] Virgo 2 points 2 years ago* (last edited 2 years ago)

Is this exploitable? And if so is there a CVE to rectify it?

From the article:

“The ssh manpage vaguely alludes to this behaviour with the following sentence: ‘If a command is specified, it will be executed on the remote host instead of a login shell. A complete command line may be specified as command, or it may have additional arguments. If supplied, the arguments will be appended to the command, separated by spaces, before it is sent to the server to be executed.’

The sentence I’m referring to is ‘If supplied, the arguments will be appended to the command, separated by spaces’, but to my mind it is very unclear and fails to convey the fact that ssh does its own expansion of command line arguments containing spaces themselves.”
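
The behaviour the quoted manpage sentence describes, as an added example that is not part of the comment or the linked article: a model of the client-side join and the remote shell's re-split, next to the quoted form that keeps argument boundaries intact. The function names and the sample argv are assumptions made for illustration, and `shlex.split` stands in for the remote login shell's word splitting.

```python
import shlex

# Constructed sample: the argv a local program intends the remote side to see.
# It contains a filename with a space and an empty argument.
INTENDED = ["ls", "-l", "Quarterly Report.txt", ""]


def ssh_command_string(args):
    """Client side, per the manpage: the command and its arguments are
    joined with single spaces into one string before being sent."""
    return " ".join(args)


def remote_argv(command_string):
    """Server side (model): the string is handed to the user's shell, which
    splits it into words again. shlex.split approximates POSIX word
    splitting and quote removal; it performs no expansion."""
    return shlex.split(command_string)


def roundtrip(args):
    """What the remote program receives for a given local argv."""
    return remote_argv(ssh_command_string(args))


def quoted_for_remote(args):
    """Quote every argument for the remote shell so that the join and
    re-split reproduce the original argument boundaries."""
    return [shlex.quote(a) for a in args]


def boundaries_preserved(args):
    """Check: does this argv survive the join and re-split unquoted?"""
    return roundtrip(args) == list(args)


if __name__ == "__main__":
    print("intended :", INTENDED)
    print("unquoted :", roundtrip(INTENDED))
    print("sent     :", ssh_command_string(quoted_for_remote(INTENDED)))
    print("quoted   :", roundtrip(quoted_for_remote(INTENDED)))
    print("safe as-is?", boundaries_preserved(INTENDED))
```
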