Mingye Wang (Artoria2e5)
2023-May-26  08:33 UTC
command [argument ...] in ssh(1): a footgun
Hi, ssh(1) currently affords an argument-passing functionality, but as the manpage states, all arguments are simply concatenated by space. This behavior is non-obvious for those reading only the synopsis: one would expect something that takes argv input to somehow preserve the argument boundary and not, say, let a semicolon ruin all the fun. This is probably old news for all of you. I have two proposals for dealing with this problem. One modest, one less so. The modest proposal is that we put a giant CAVEATS section in the manual page. Now this does not help anyone who won't read the manpage at all, but at least by spelling it out we catch skim readers' attention. If someone's code blows up with this assumption, we can at least say "we told you so". The less modest one is we throw out the "[argument ...]" part altogether. It does not add much functionality, really: everything it does can be achieved by putting a big quotation mark over the existing arguments invocation. There is not much to lose by doing so, except for the logistical costs of deprecation and removal. What about escaping the arguments? Nobody said the user has to use a POSIX shell, so we simply don't have a universal escape method. The manual's DESCRIPTION section is a bit vague here: it does not specify which shell is used. In truth, session.c runs the user's shell via the `-c` option, not just the system POSIX shell via system(). Sincerely, Mingye Wang (Artoria2e5)
On Fri, 26 May 2023, Mingye Wang (Artoria2e5) wrote:> ssh(1) currently affords an argument-passing functionality, but as the manpage > states, all arguments are simply concatenated by space.How else would it do that? The arguments are processed by the shell first then passed as an array of NUL-terminated strings.> The modest proposal is that we put a giant CAVEATS section in the manual page.That might be useful indeed.> The less modest one is we throw out the "[argument ...]" part altogether. ItAbsolutely not. This will break about all uses of ssh in existence.> What about escaping the arguments? Nobody said the user has to use a POSIXAbsolutely not. This will break almost all uses of ssh in existence. bye, //mirabilos -- Infrastrukturexperte ? tarent solutions GmbH Am Dickobskreuz 10, D-53121 Bonn ? http://www.tarent.de/ Telephon +49 228 54881-393 ? Fax: +49 228 54881-235 HRB AG Bonn 5168 ? USt-ID (VAT): DE122264941 Gesch?ftsf?hrer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg **************************************************** /?\ The UTF-8 Ribbon ??? Campaign against Mit dem tarent-Newsletter nichts mehr verpassen: ??? HTML eMail! Also, https://www.tarent.de/newsletter ??? header encryption! ****************************************************