openssh unix dev - Oct 2013 - Lazy evaluation of exec clause in ssh Match statement

Hello,

At present, if a ssh Match block contains an exec clause, the specified
command is executed regardless of whether any preceding clauses are
true. Thus,

	Match host !*.* exec "some_command %h"
		...

would always execute some_command regardless of whether the host matches
the preceding pattern. That seems undesirable, particularly as the
user-specified command may do name lookups or other operations that may
introduce delays.

Using a lazy approach, where the command is only executed if the
preceding clauses are true would seem to be better.

-- 
Iain Morgan

On Wed, Oct 30, 2013 at 12:02:03 -0700, Iain Morgan
wrote:
> Hello,
> 
> At present, if a ssh Match block contains an exec clause, the specified
> command is executed regardless of whether any preceding clauses are
> true. Thus,
> 
> 	Match host !*.* exec "some_command %h"
> 		...
> 
> would always execute some_command regardless of whether the host matches
> the preceding pattern. That seems undesirable, particularly as the
> user-specified command may do name lookups or other operations that may
> introduce delays.
> 
> Using a lazy approach, where the command is only executed if the
> preceding clauses are true would seem to be better.
> 
> -- 
> Iain Morgan
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
It looks like there is alos an issue with negation, so a better example
of the initial issue would be:

 	Match user someuser exec "some_command %h"
 		...

-- 
Iain Morgan