diff options
author | djm@openbsd.org <djm@openbsd.org> | 2023-10-04 04:03:50 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2023-10-04 15:33:27 +1100 |
commit | ffe27e54a4bb18d5d3bbd3f4cc93a41b8d94dfd2 (patch) | |
tree | 80db5d805f9eef2f546b5dbfc87bf8357f50b861 | |
parent | 60ec3d54fd1ebfe2dda75893fa1e870b8dffbb0d (diff) |
upstream: add some cautionary text about % token expansion and
shell metacharacters; based on report from vinci AT protonmail.ch
OpenBSD-Commit-ID: aa1450a54fcee2f153ef70368d90edb1e7019113
-rw-r--r-- | ssh_config.5 | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/ssh_config.5 b/ssh_config.5 index 7f64c2cf..367305d2 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.386 2023/08/28 09:52:09 djm Exp $ -.Dd $Mdocdate: August 28 2023 $ +.\" $OpenBSD: ssh_config.5,v 1.387 2023/10/04 04:03:50 djm Exp $ +.Dd $Mdocdate: October 4 2023 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -2206,6 +2206,16 @@ accepts all tokens. and .Cm ProxyJump accept the tokens %%, %h, %n, %p, and %r. +.Pp +Note that some of these directives build commands for execution via the shell. +Because +.Xr ssh 1 +performs no filtering or escaping of characters that have special meaning in +shell commands (e.g. quotes), it is the user's reposibility to ensure that +the arguments passed to +.Xr ssh 1 +do not contain such characters and that tokens are appropriately quoted +when used. .Sh ENVIRONMENT VARIABLES Arguments to some keywords can be expanded at runtime from environment variables on the client by enclosing them in |