https://bugzilla.mindrot.org/show_bug.cgi?id=2081
--- Comment #28 from Damien Miller <[email protected]> --- I'm not sure about splitting arguments in sshd, I think I'd prefer to just pass the whole AuthorizedKeysCommand to the shell like the current code (and all other *command options in ssh/sshd). Beyond the username (which must exist in the system password database) and key text (which cannot contain shell metacharacters), there are no attacker-controllable values in the command and so it should be quite safe to pass to the shell. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
