ssh-host-config eval password bug
Eric Blake
ebb9@byu.net
Sun Jul 5 22:31:00 GMT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
According to Ian Kelling on 7/5/2009 12:06 PM:
> In the ssh package there is a bug in /usr/bin/ssh-host-config where if
> you select a valid password spaces or punctuation that bash knows of, it
> will fail and you could possibly shoot yourself in the foot due to
> evaling your password. I don't know who is responsible, or what mailing
> list to post on, but here is a patch.
This is the right list.
> - cygwin_env="-e CYGWIN=\"${csih_cygenv}\""
> + cygwin_env=( -e "CYGWIN=${csih_cygenv}" )
I don't see why you need an array variable.
> fi
> if [ -z "${password}" ]
> then
> - if eval cygrunsrv -I sshd -d \"CYGWIN sshd\" -p /usr/sbin/sshd \
> - -a "-D" -y tcpip ${cygwin_env}
> + if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd \
> + -a "-D" -y tcpip "${cygwin_env[@]}"
The eval is still reasonable, but with proper quoting:
if eval cygrunsrv ... -y tcpip "${cygwin_env}"
- --
Don't work too hard, make some time for fun as well!
Eric Blake ebb9@byu.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkpRIAoACgkQ84KuGfSFAYAAZQCghGoY51fmSiEpxbAP3iRdmVuj
hEAAn3VxdXV8mSpRKG8j++35F9QQH8+6
=FYJ6
-----END PGP SIGNATURE-----
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list