Date: Tue, 16 Jan 2001 23:37:07 -0800 (PST)
From: cjclark@reflexcom.com
To: FreeBSD-gnats-submit@freebsd.org
Subject: bin/24399: OpenSSH forced commands munge output
Message-ID: <200101170737.f0H7b7t60224@rfx-64-6-211-149.users.reflexcom.com>

>Number:         24399
>Category:       bin
>Synopsis:       OpenSSH forced commands munge output
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jan 16 23:40:01 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     Crist J. Clark
>Release:        FreeBSD 4.2-STABLE i386
>Organization:
>Environment:

  FreeBSD 4.2-STABLE
  SSH Version OpenSSH_2.2.0, protocol versions 1.5/2.0.
  Compiled with SSL (0x0090600f).

>Description:

  OpenSSH "forced commands," a command specified in the
  authorized_keys file, have their output mangled. It looks like there
  is some UNIX-MSDOS conversion going on. Newlines, \n, are
  substituted with \r\n.

>How-To-Repeat:

  Assuming you have sshd running locally and don't have anything in
  your configs to break this kind of thing.

  $ man ssh > ssh_1.cat
  $ ssh-keygen -f sshtest -N "" -C SSH-Test
  $ { echo 'command="cat ssh_1.cat" '; cat sshtest.pub; } >> .ssh/authorized_keys
  $ ssh -i sshtest localhost > ssh_2.cat
  $ cmp ssh_1.cat ssh_2.cat
  ssh_1.cat ssh_2.cat differ: char 79, line 1
  $ tr -d '\r' < ssh_2.cat > ssh_3.cat
  $ cmp ssh_1.cat ssh_3.cat
  $

  But this works,

  $ ssh localhost "cat ssh_1.cat" > ssh_4.cat
  cjc@localhost's password:
  $ cmp ssh_1.cat ssh_4.cat
  $

>Fix:

  No workaround other than to not use forced commands. After a quick
  look at the code, I can't see how a "forced command" would produce
  different results than one provided on the command line. But that's
  what the tests show.

>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message