This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: ssh-host-config eval password bug
- From: Eric Blake <ebb9 at byu dot net>
- To: cygwin at cygwin dot com
- Date: Sun, 05 Jul 2009 15:50:02 -0600
- Subject: Re: ssh-host-config eval password bug
- References: <4A50EBA3.9090000@gmail.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
According to Ian Kelling on 7/5/2009 12:06 PM:
> In the ssh package there is a bug in /usr/bin/ssh-host-config where if
> you select a valid password spaces or punctuation that bash knows of, it
> will fail and you could possibly shoot yourself in the foot due to
> evaling your password. I don't know who is responsible, or what mailing
> list to post on, but here is a patch.
This is the right list.
> - cygwin_env="-e CYGWIN=\"${csih_cygenv}\""
> + cygwin_env=( -e "CYGWIN=${csih_cygenv}" )
I don't see why you need an array variable.
> fi
> if [ -z "${password}" ]
> then
> - if eval cygrunsrv -I sshd -d \"CYGWIN sshd\" -p /usr/sbin/sshd \
> - -a "-D" -y tcpip ${cygwin_env}
> + if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd \
> + -a "-D" -y tcpip "${cygwin_env[@]}"
The eval is still reasonable, but with proper quoting:
if eval cygrunsrv ... -y tcpip "${cygwin_env}"
- --
Don't work too hard, make some time for fun as well!
Eric Blake ebb9@byu.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkpRIAoACgkQ84KuGfSFAYAAZQCghGoY51fmSiEpxbAP3iRdmVuj
hEAAn3VxdXV8mSpRKG8j++35F9QQH8+6
=FYJ6
-----END PGP SIGNATURE-----
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple