https://bugzilla.mindrot.org/show_bug.cgi?id=2081
--- Comment #10 from Daniel Kahn Gillmor <[email protected]> --- in discussion on the mailing list, i also pointed out that the argv are more likely to leak to other processes on the host than the environment: http://marc.info/?l=openssh-unix-dev&m=139553657027791&w=2 If you think we should make everything available in the same space, maybe we should also make the user name available in the environment? iirc, the AuthorizedKeysCommand was initially implemented as a single executable program with no configurable extra arguments, shell-metacharacters, percent-escaping, or anything else complicated to try to avoid creating a footgun for administrators who might put something over-fancy in the config file, since this command will be triggered by arbitrary remote network access (because it happens before authentication/authorization). Keeping the interface as minimally-configurable as possible seems to try to keep to that same goal. -- You are receiving this mail because: You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
