https://bugzilla.mindrot.org/show_bug.cgi?id=3884
--- Comment #4 from Beat Bolli <[email protected]> ---
(In reply to Damien Miller from comment #3)
> Does it need to deal with other shell metacharacters?
>
> If we do need to care about them, then maybe ssh-agent should just
> check for their presence and either refuse to start or automatically
> use /tmp for the agent sockets.

It boils down to whether we consider $HOME attacker-controlled or not. If an
attacker can control $HOME, the user may have bigger security issues than
ssh-agent...
