openssh unix dev - May 2023 - command [argument ...] in ssh(1): a footgun

Hi,

ssh(1) currently affords an argument-passing functionality, but as the 
manpage states, all arguments are simply concatenated by space. This 
behavior is non-obvious for those reading only the synopsis: one would 
expect something that takes argv input to somehow preserve the argument 
boundary and not, say, let a semicolon ruin all the fun. This is 
probably old news for all of you.

I have two proposals for dealing with this problem. One modest, one less 
  so.

The modest proposal is that we put a giant CAVEATS section in the manual 
page. Now this does not help anyone who won't read the manpage at all, 
but at least by spelling it out we catch skim readers' attention. If 
someone's code blows up with this assumption, we can at least say "we 
told you so".

The less modest one is we throw out the "[argument ...]" part 
altogether. It does not add much functionality, really: everything it 
does can be achieved by putting a big quotation mark over the existing 
arguments invocation. There is not much to lose by doing so, except for 
the logistical costs of deprecation and removal.

What about escaping the arguments? Nobody said the user has to use a 
POSIX shell, so we simply don't have a universal escape method. The 
manual's DESCRIPTION section is a bit vague here: it does not specify 
which shell is used. In truth, session.c runs the user's shell via the 
`-c` option, not just the system POSIX shell via system().

Sincerely,
Mingye Wang (Artoria2e5)

On Fri, 26 May 2023, Mingye Wang (Artoria2e5) wrote:
> ssh(1) currently affords an argument-passing functionality, but as the
manpage
> states, all arguments are simply concatenated by space.
How else would it do that? The arguments are processed by the
shell first then passed as an array of NUL-terminated strings.
> The modest proposal is that we put a giant CAVEATS section in the manual
page.
That might be useful indeed.
> The less modest one is we throw out the "[argument ...]" part
altogether. It
Absolutely not. This will break about all uses of ssh in existence.
> What about escaping the arguments? Nobody said the user has to use a POSIX
Absolutely not. This will break almost all uses of ssh in existence.

bye,
//mirabilos
-- 
Infrastrukturexperte ? tarent solutions GmbH
Am Dickobskreuz 10, D-53121 Bonn ? http://www.tarent.de/
Telephon +49 228 54881-393 ? Fax: +49 228 54881-235
HRB AG Bonn 5168 ? USt-ID (VAT): DE122264941
Gesch?ftsf?hrer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

                        ****************************************************
/?\ The UTF-8 Ribbon
??? Campaign against      Mit dem tarent-Newsletter nichts mehr verpassen:
??? HTML eMail! Also,     https://www.tarent.de/newsletter
??? header encryption!
                        ****************************************************