Bug 2791

Summary:

Match host exec doesn't resolve SHELL in the PATH

Product:

Portable OpenSSH

Reporter:

berdario

Component:

ssh

Assignee:

Assigned to nobody <unassigned-bugs>

Status:

CLOSED FIXED

Severity:

enhancement

CC:

djm, dtucker, r.friedwagner

Priority:

Version:

7.2p2

Hardware:

amd64

OS:

Mac OS X

Bug Depends on:

Bug Blocks:

2988

Attachments:

Description	Flags
check shell is executable to provide better error message	dtucker: ok+

Description berdario 2017-10-06 20:45:23 AEDT

If you have something like

  Match host *.example.com exec /usr/bin/true
    ProxyCommand /usr/local/bin/ssh-helper %h %p

in your ssh config, and your SHELL contains the name of the shell executable (and not its path), connection will fail with:

Unable to execute '/usr/bin/true': No such file or directory
command '/usr/bin/true' exited abnormally
/etc/ssh_config line 46: match exec '/usr/bin/true' error

Comment 1 Damien Miller 2017-10-23 12:26:38 AEDT

I don't think searching $PATH for SHELL is correct. The system shoudl never set $SHELL to a relative path and http://pubs.opengroup.org/onlinepubs/009695399/functions/system.html specifies system(3) to use execl(2), and it doesn't search $PATH.

Comment 2 berdario 2017-10-24 20:19:09 AEDT

Uhm, system(3) should use sh(1)

manpages for sh(1) on my system are explicitly about bash, but otherwise I think it should be about this:

http://pubs.opengroup.org/onlinepubs/009695399/utilities/sh.html

which says that the path for `sh` should be resolved from PATH

(I was under the impression that the POSIX standard specified that /bin/sh would always have to exist, but I guess I was wrong?)

I haven't looked into openssh source code, but given the above, I'd be surprised if it used system(3)

I understand that the behavior might not be changed, but the error message

Unable to execute '/usr/bin/true': No such file or directory

Seems to be a bit misleading to me, given that the actual command executed would've been something like

sh -c /usr/bin/true

Thanks anyhow for looking into this

Comment 3 berdario 2017-10-24 20:20:45 AEDT

Forgot to add:


  Unable to execute 'sh': No such file or directory


Would've been much clearer as an error message, imho

Comment 4 Damien Miller 2019-07-19 15:51:22 AEST

Created attachment 3302 [details]
check shell is executable to provide better error message

Comment 5 Damien Miller 2019-08-09 15:06:15 AEST

patch applied and will be in openssh-8.1, due soon. Thanks!

Comment 6 Damien Miller 2021-04-23 15:08:47 AEST

closing resolved bugs as of 8.6p1 release