bugzilla-daemon at mindrot.org
2013-Apr-20 14:02 UTC
[Bug 2094] New: Executing commands via ssh on a remote host has different parameter passing properties
https://bugzilla.mindrot.org/show_bug.cgi?id=2094
Bug ID: 2094
Summary: Executing commands via ssh on a remote host has
different parameter passing properties
Classification: Unclassified
Product: Portable OpenSSH
Version: 6.2p1
Hardware: Other
OS: OpenBSD
Status: NEW
Severity: normal
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: laurie at tratt.net
Consider the file /tmp/ap.sh which simply prints out all the arguments
to it:
#! /bin/sh
while [ $# -ge 1 ]; do
echo "arg: $1"
shift
done
If I create a C file ex_local.c:
#include <unistd.h>
int main(int argc, char** argv) {
execlp(argv[1], argv[1], "a", "a'b", NULL);
return 0;
}
and then compile and run it, the arguments passed to it are printed
out:
$ ex_local /tmp/ap.sh
a
a'b
$
which is correct. If I have this C file ex_ssh.c:
#include <unistd.h>
int main(int argc, char** argv) {
execlp("/usr/bin/ssh", "/usr/bin/ssh", argv[1],
argv[2], "a",
"a'b", NULL);
return 0;
}
and run it:
$ ex_ssh somehost.com /tmp/ap.sh
zsh:1: unmatched '
then /tmp/ap.sh isn't even executed on the remote machine. This
surprised me, because (perhaps naively), I expected parameters passed
to a command to work identically whether that command is local or run
via ssh. Just to show that it isn't the fault of zsh on the remote
machine, other shells show the same problem even with a simpler version
of the escaping problem:
$ echo ls \'
'
$ ssh someotherhost.com echo ls \'
bash: -c: line 0: unexpected EOF while looking for matching `''
bash: -c: line 1: syntax error: unexpected end of file
The basic problem, as far as I can tell, is that ssh is passing
arguments as unprotected strings to the remote shell to execute the
command. In essence, "funny" characters (e.g. ') are being
reevaluated
remotely, even though they would not locally.
Assuming I have got the right end of the stick so far (which is no by
no means guaranteed), it's not obvious to me what the best behaviour
should be. When a user executes a command via ssh, there is a soft
notion that a login shell will be executed, with the users normal
customisation, before the command is executed. I presume this is what
ssh is doing at the moment, and where the parameter problem occurs. The
only way I can see for arguments to be passed reliably is for ssh to
invoke a middle-man command which then execv's with precisely the
parameters passed to ssh itself. This might be rather heavy-weight for
most uses, and will break backwards compatibility (some people are
bound to have inadvertently come to rely on the current behaviour):
perhaps it could be enabled via an optional switch?
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at natsu.mindrot.org
2013-Oct-23 23:43 UTC
[Bug 2094] Executing commands via ssh on a remote host has different parameter passing properties
https://bugzilla.mindrot.org/show_bug.cgi?id=2094
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
CC| |djm at mindrot.org
Resolution|--- |WONTFIX
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
This is a known limitation of the SSH protocol, and the rcp protocol
before that - dating back 30 years. It's simply too late to change it.
A better approach might be to define a protocol extension that allows
explicit argument passing, rather than just a single string command. We
don't have any plans to do this; the workaround of adding quoting to
the remote command is well-understood and easy to implement.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at natsu.mindrot.org
2013-Oct-23 23:59 UTC
[Bug 2094] Executing commands via ssh on a remote host has different parameter passing properties
https://bugzilla.mindrot.org/show_bug.cgi?id=2094
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at zip.com.au
--- Comment #2 from Darren Tucker <dtucker at zip.com.au> ---
I think you meant "rsh" not "rcp".
Anyway, here's how RFC4254 defines the protocol message to run a remote
command (section 6.5):
byte SSH_MSG_CHANNEL_REQUEST
uint32 recipient channel
string "exec"
boolean want reply
string command
This message will request that the server start the execution of the
given command. The 'command' string may contain a path. Normal
precautions MUST be taken to prevent the execution of unauthorized
commands.
Note that there's only a single string for the command, there's no
facility to pass a list of args other than quoting it. Exactly what
quoting is required is dependent on the user's shell at the other end.
You can work around some quoting issues by doing something like this:
$ ssh <<EOF localhost /bin/sh
echo "'quoted"
EOF
'quoted
instead of
$ ssh localhost echo "'quoted"
bash: -c: line 0: unexpected EOF while looking for matching `''
bash: -c: line 1: syntax error: unexpected end of file
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2015-Aug-11 13:03 UTC
[Bug 2094] Executing commands via ssh on a remote host has different parameter passing properties
https://bugzilla.mindrot.org/show_bug.cgi?id=2094
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #3 from Damien Miller <djm at mindrot.org> ---
Set all RESOLVED bugs to CLOSED with release of OpenSSH 7.1
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.