This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

ssh-host-config eval password bug


In the ssh package there is a bug in /usr/bin/ssh-host-config where if you select a valid password spaces or punctuation that bash knows of, it will fail and you could possibly shoot yourself in the foot due to evaling your password. I don't know who is responsible, or what mailing list to post on, but here is a patch.

- Ian Kelling

--- ssh-host-config.old	2009-05-29 22:35:16.244777500 -0700
+++ ssh-host-config	2009-05-29 22:40:31.234257500 -0700
@@ -323,12 +323,12 @@

 	if [ -n "${csih_cygenv}" ]
 	then
-	  cygwin_env="-e CYGWIN=\"${csih_cygenv}\""
+	  cygwin_env=( -e "CYGWIN=${csih_cygenv}" )
 	fi
 	if [ -z "${password}" ]
 	then
-	  if eval cygrunsrv -I sshd -d \"CYGWIN sshd\" -p /usr/sbin/sshd \
-			    -a "-D" -y tcpip ${cygwin_env}
+	  if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd \
+			    -a "-D" -y tcpip "${cygwin_env[@]}"
 	  then
 	    echo
 	    csih_inform "The sshd service has been installed under the LocalSystem"
@@ -337,8 +337,8 @@
 	    csih_inform "will start automatically after the next reboot."
 	  fi
 	else
-	  if eval cygrunsrv -I sshd -d \"CYGWIN sshd\" -p /usr/sbin/sshd \
-			    -a "-D" -y tcpip ${cygwin_env} \
+	  if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd \
+			    -a "-D" -y tcpip "${cygwin_env[@]}" \
 			    -u "${run_service_as}" -w "${password}"
 	  then
 	    echo


-- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]