bugzilla-daemon at mindrot.org
2014-Jul-08 06:35 UTC
[Bug 2253] New: No "$@"-like SSH_ORIGINAL_COMMAND leads to escaping, arg-sep and metachar issues
https://bugzilla.mindrot.org/show_bug.cgi?id=2253

            Bug ID: 2253
           Summary: No "$@"-like SSH_ORIGINAL_COMMAND leads to escaping,
                    arg-sep and metachar issues
           Product: Portable OpenSSH
           Version: 6.6p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: ringerc at ringerc.id.au

Hi all

I've recently noticed that it's quite tricky to get a remote OpenSSH command to be invoked with the correct arguments, especially if using a command= specifier in a public key entry with "$SSH_ORIGINAL_COMMAND".

When ssh is invoked, any argument quoting is consumed by the calling shell. ssh then passes the command to sshd, where it's stored in SSH_ORIGINAL_COMMAND. However, no escaping is performed by ssh or sshd to ensure that shell metacharacters are escaped and whitespace regions within arguments aren't treated as argument separators.

In a normal shell, one uses "$@", which is the argument-separation-and-metachar aware version of "$*". OpenSSH lacks any equivalent. It needs one to make it possible to use SSH_ORIGINAL_COMMAND securely without making arbitrary rules ("the command may not contain any shell metachars and spaces within arguments are not permitted").

It really needs a $SSH_ESCAPED_ORIGINAL_COMMAND.

--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2014-Jul-09 01:40 UTC
[Bug 2253] No "$@"-like SSH_ORIGINAL_COMMAND leads to escaping, arg-sep and metachar issues
https://bugzilla.mindrot.org/show_bug.cgi?id=2253

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |WONTFIX
                 CC|                            |djm at mindrot.org
             Status|NEW                         |RESOLVED

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
The SSH protocol passes the requested command as a single string and not an array of arguments, so there is no way for SSH_ORIGINAL_COMMAND to reliably go back to what was specified on the client's command line.

--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
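
Added example, not part of the bug report or of OpenSSH: a POSIX sh sketch of a forced-command wrapper that applies the restrictive rule quoted in the report (no metacharacters, no spaces inside arguments) because the single-string protocol leaves nothing better to recover. The allowlist and all function names are hypothetical, and `as_sent_by_ssh` only models the space-joined string the server receives.

```shell
#!/bin/sh
# Added example: forced-command wrapper logic. ALLOWED_PROGRAMS and all
# function names are hypothetical; adapt the allowlist to your own host.
LC_ALL=C; export LC_ALL            # make the A-Z/a-z/0-9 ranges byte-exact
ALLOWED_PROGRAMS="uptime df ls"    # constructed allowlist

# Model of the string the server sees: the client's remaining arguments
# joined with single spaces, after the local shell has consumed the quoting.
as_sent_by_ssh() { ( IFS=' '; printf '%s' "$*" ) }

# Print one validated word per line and return 0, or return 1 (reject).
split_original_command() {
    (
        set -f            # no pathname expansion during the split
        IFS=' '           # split on spaces only; tabs/newlines stay in a word
        set -- $1         # deliberate unquoted expansion: the only split
        [ "$#" -gt 0 ] || exit 1
        case " $ALLOWED_PROGRAMS " in
            *" $1 "*) ;;          # first word must be an allowlisted name
            *) exit 1 ;;
        esac
        for word in "$@"; do
            case $word in
                *[!A-Za-z0-9._/=:,+-]*) exit 1 ;;   # metachar, quote, tab...
            esac
        done
        printf '%s\n' "$@"
    )
}

# Run the validated words as an argv, never through eval or "sh -c".
run_original_command() {
    words=$(split_original_command "$1") || { echo "rejected" >&2; return 1; }
    (
        set -f
        IFS='
'
        set -- $words
        exec "$@"
    )
}

# In the script named by command="...": run_original_command "$SSH_ORIGINAL_COMMAND"
```

An argument such as 'my file' reaches the wrapper as two words, which is the loss of argument boundaries that comment #1 describes.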
bugzilla-daemon at bugzilla.mindrot.org
2016-Aug-02 00:41 UTC
[Bug 2253] No "$@"-like SSH_ORIGINAL_COMMAND leads to escaping, arg-sep and metachar issues
https://bugzilla.mindrot.org/show_bug.cgi?id=2253

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Close all resolved bugs after 7.3p1 release

--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.