https://bugzilla.mindrot.org/show_bug.cgi?id=3884
Simon Josefsson <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #5 from Simon Josefsson <[email protected]> --- I recall some other code that consider HOME potentially attacker-controller and use `getpwent` to get a "trusted" path to the user's home directory. This may be an option here? Still, it is valid to have /etc/passwd home folders with SPC in the name, so things shouldn't break on that. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
