Comment by endiangroup
7 days ago
AD: Huh! I just wrote a utility cmd [1] this weekend to deal with restricting ssh keys to executing only commands that match a rule set via `ForceCommand` in `sshd_config` or `Command=""` in `authorized_keys`. I'm curious to see how susceptible it is to the aforementioned issues, it does delegate to `<shell> -c '<cmd>'` under the hood [2], but there are checks to ensure only a single command option argument `--` is passed (to mitigate metacharacter expansions) [3].
Note this tool is only intended to be another layer in security.
[1] https://github.com/endiangroup/cmdjail [2] https://github.com/endiangroup/cmdjail/blob/main/main.go#L30... [3] https://github.com/endiangroup/cmdjail/blob/main/config.go#L...
Note that OpenSSH always runs commands in a shell, and so far they refused to add support for exec.
https://bugzilla.mindrot.org/show_bug.cgi?id=2283
The docs say that exec.Command works with execv directly, so there should be no issue? You dont seem to call out to /bin/sh at all.