Displaying 2 results from an estimated 2 matches for "safeproxycommand".
2017 Apr 07
0
[Bug 1762] Improve the documentation w.r.t. "the user's shell"
...command:
```
Host *
ProxyCommand connect_to %r %h
```
What happened:
`id>/tmp/whoami` was executed.
What should have happened instead:
1) SSH passes %r/%h as an argument to the ProxyCommand without shell
interpolation
2) %h should be validated to adhere to valid punycode
3) Introduce a SafeProxyCommand that only allows safe characters in
%r/%h/etc...
--
You are receiving this mail because:
You are watching the assignee of the bug.
2017 Apr 07
2
[Bug 2706] New: remote code execution via ProxyCommand+browser exploit
...command:
```
Host *
ProxyCommand connect_to %r %h
```
What happened:
`id>/tmp/whoami` was executed.
What should have happened instead:
1) SSH passes %r/%h as an argument to the ProxyCommand without shell
interpolation
2) %h should be validated to adhere to valid punycode
3) Introduce a SafeProxyCommand that only allows safe characters in
%r/%h/etc...