On Jul 5 11:06, Ian Kelling wrote:
> In the ssh package there is a bug in /usr/bin/ssh-host-config where if
> you select a valid password spaces or punctuation that bash knows of, it
> will fail and you could possibly shoot yourself in the foot due to
> evaling your password. I don't know who i
On Sun, Jul 05, 2009 at 03:50:02PM -0600, Eric Blake wrote:
>According to Ian Kelling on 7/5/2009 12:06 PM:
>> In the ssh package there is a bug in /usr/bin/ssh-host-config where if
>> you select a valid password spaces or punctuation that bash know
Eric Blake wrote:
> The eval is still reasonable, but with proper quoting:
> if eval cygrunsrv ... -y tcpip "${cygwin_env}"
No, that's not true. It is impossible to safely eval arbitrary user input.
Your simple quote doesn't help much:
# x="ok;ls"
# eval echo "{$x}"
For more in depth information,
According to Ian Kelling on 7/5/2009 12:06 PM:
> In the ssh package there is a bug in /usr/bin/ssh-host-config where if
> you select a valid password spaces or punctuation that bash knows of, it
> will fail and you could possibly shoot yourself in the