From owner-freebsd-bugs Tue Jan 16 23:40:19 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id BBD2137B402
	for ; Tue, 16 Jan 2001 23:40:01 -0800 (PST)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.1/8.11.1) id f0H7e1o04769;
	Tue, 16 Jan 2001 23:40:01 -0800 (PST)
	(envelope-from gnats)
Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82])
	by hub.freebsd.org (Postfix) with ESMTP id 9EB1637B400
	for ; Tue, 16 Jan 2001 23:37:09 -0800 (PST)
Received: from rfx-64-6-211-149.users.reflexcom.com ([64.6.211.149])
	by mailhost01.reflexnet.net with Microsoft SMTPSVC(5.5.1877.197.19);
	Tue, 16 Jan 2001 23:35:22 -0800
Received: (from cjc@localhost)
	by rfx-64-6-211-149.users.reflexcom.com (8.11.1/8.11.0) id f0H7b7t60224;
	Tue, 16 Jan 2001 23:37:07 -0800 (PST)
	(envelope-from cjc)
Message-Id: <200101170737.f0H7b7t60224@rfx-64-6-211-149.users.reflexcom.com>
Date: Tue, 16 Jan 2001 23:37:07 -0800 (PST)
From: cjclark@reflexcom.com
Reply-To: cjclark@alum.mit.edu
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: bin/24399: OpenSSH forced commands munge output
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number:         24399
>Category:       bin
>Synopsis:       OpenSSH forced commands munge output
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jan 16 23:40:01 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     Crist J. Clark
>Release:        FreeBSD 4.2-STABLE i386
>Organization:
>Environment:

	FreeBSD 4.2-STABLE
	SSH Version OpenSSH_2.2.0, protocol versions 1.5/2.0.
	Compiled with SSL (0x0090600f).

>Description:

	OpenSSH "forced commands," a command specified in the
authorized_keys file, have their output mangled.
It looks like there is some UNIX-MSDOS conversion going on. Newlines,
\n, are substituted with \r\n.

>How-To-Repeat:

	Assuming you have sshd running locally and don't have
anything in your configs to break this kind of thing.

  $ man ssh > ssh_1.cat
  $ ssh-keygen -f sshtest -N "" -C SSH-Test
  $ { echo 'command="cat ssh_1.cat" '; cat sshtest.pub; } >> .ssh/authorized_keys
  $ ssh -i sshtest localhost > ssh_2.cat
  $ cmp ssh_1.cat ssh_2.cat
  ssh_1.cat ssh_2.cat differ: char 79, line 1
  $ tr -d '\r' < ssh_2.cat > ssh_3.cat
  $ cmp ssh_1.cat ssh_3.cat
  $

But this works,

  $ ssh localhost "cat ssh_1.cat" > ssh_4.cat
  cjc@localhost's password:
  $ cmp ssh_1.cat ssh_4.cat
  $

>Fix:

	No workaround other than to not use forced commands. After a
quick look at the code, I can't see how a "forced command" would
produce different results than one provided on the command line. But
that's what the tests show.

>Release-Note:
>Audit-Trail:
>Unformatted:
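
Added example, not part of the original report and not FreeBSD or OpenSSH code: a byte-exact version of the cmp/tr check in How-To-Repeat. It applies the \n to \r\n substitution forward to the reference and compares, so it still gives the right answer when the reference already contains \r bytes, which tr -d '\r' would strip as well. The function names and sample bytes are constructed for illustration.

```python
"""Classify how a received byte stream differs from a reference copy."""
import sys


def first_difference(a: bytes, b: bytes):
    """(byte, line) of the first mismatch, 1-indexed like cmp(1); None if equal."""
    n = min(len(a), len(b))
    i = next((k for k in range(n) if a[k] != b[k]), n)
    if i == n and len(a) == len(b):
        return None
    # Line number = newlines seen in the reference before the mismatch, plus one.
    return i + 1, a.count(b"\n", 0, i) + 1


def classify(reference: bytes, received: bytes) -> dict:
    if received == reference:
        verdict = "identical"
    elif received == reference.replace(b"\n", b"\r\n"):
        # Every LF became CR LF; CRs already in the reference are preserved.
        verdict = "lf-to-crlf"
    else:
        verdict = "other"
    return {
        "verdict": verdict,
        "first_diff": first_difference(reference, received),
        "extra_cr": received.count(b"\r") - reference.count(b"\r"),
    }


# Constructed sample: a 78-byte first line, so the first newline is byte 79,
# the position cmp reported in the session above.
HEADER = b"SSH(1)".ljust(72) + b"SSH(1)"
SAMPLE_REF = HEADER + b"\n\nNAME\n     ssh - OpenSSH SSH client\n"
SAMPLE_GOT = SAMPLE_REF.replace(b"\n", b"\r\n")

# Constructed edge case: the reference itself contains a CR LF pair.
EDGE_REF = b"x\r\ny\n"
EDGE_GOT = b"x\r\r\ny\r\n"

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py ssh_1.cat ssh_2.cat
        with open(sys.argv[1], "rb") as f, open(sys.argv[2], "rb") as g:
            ref, got = f.read(), g.read()
    else:
        ref, got = SAMPLE_REF, SAMPLE_GOT
    print(classify(ref, got))
```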