Comment by blueflow

6 days ago

> hidden argv join

It is not hidden. It is written down in plain sight:

  A complete command line may be specified as command, or it may have additional arguments. If supplied, the arguments will be appended to the command, separated by spaces, before it is sent to the server to be executed.

- third line in `man 1 ssh`

25 comments

blueflow

chubot 6 days ago

It's hidden in the sense that it creates ambiguity at the usage site. Compare with sudo:

    $ sudo ls 'file with spaces'
    ls: cannot access 'file with spaces': No such file or directory

If ssh (and sh eval) did not accept multiple arguments, then this wouldn't even get to ls:

    $ ssh example.com ls 'file with spaces'
    ls: cannot access 'file': No such file or directory
    ls: cannot access 'with': No such file or directory
    ls: cannot access 'spaces': No such file or directory

Accepting argv is better. Or forcing this is better:

    $ ssh example.com "ls 'file with spaces'"

So it's clear it's a single shell string.

Accepting a shell string is sometimes OK, but silently joining multiple args is useless, and insecure.

"RTFM" is not a good answer when security is involved.

blueflow 6 days ago
This stubborn attitude to refuse to consult the documentation at all and then expect the tool to work according to your preconceptions.
Tools do have rough edges, if you don't want to learn about them, you will get bitten.
- nothrabannosir 6 days ago
  
  This statement can be true without contradicting anything anyone said upstream. Otherwise could use it to justify just about any bad design decision.
  Yes it’s in the docs. Yes people who carefully read the docs won’t get bitten. Also yes the design could be improved so people don’t make this mistake even without reading the docs.
  Both things can be true. We’re currently only talking about the latter, though.
  
  1 reply →
- chubot 6 days ago
  
  It’s a design mistake because it adds exactly zero functionality.
  The only thing it adds is insecurity.
  If the feature didn’t exist, then it wouldn’t need to be documented, and the world would be better.
  
  14 replies →
- immibis 5 days ago
  
  This very stubborn attitude to defend a bad design because it's documented.
  Bugs can be fixed.
  
  1 reply →
- pwdisswordfishz 5 days ago
  
  > Tools do have rough edges, if you don't want to learn about them, you will get bitten.
  I presume you consider INTERCAL to be a sanely designed programming language.
  
  1 reply →

scbrg 5 days ago

That's honestly not particularly clear. It doesn't say the command will be invoked by a shell on the remote host. Sure the whole "separated by spaces" thing sorta implies it will, as spaces don't mean much to anything but a shell, but it's still fairly vague.

In fact, later on the man page only mentions a shell in the part that talks about the behavior when no additional arguments are given:

  When the user's identity has been accepted by the server, the server either executes the given command in a non-interactive session or, if no command has been specified, logs into the machine and gives the user a normal shell as an interactive session.

The wording "executes the given command" would generally not imply "I'll just throw it at $SHELL and see what happens".

A few lines later it gets even more confusing:

  The session terminates when the command or shell on the remote machine exits and all X11 and TCP connections have been closed.

...which I definitely would say suggests that either a shell is executed or the command supplied as argument to ssh. That it means "command as interpreted by a shell on the remote host" is far from obvious.

blueflow 4 days ago

> The wording "executes the given command" would generally not imply "I'll just throw it at $SHELL and see what happens".
"command" means exactly that. Evaluation by shell. With that in mind, the manual page should read less ambiguous to you.
I actually don't have a good source for that, but you can check the execve(2) manpage. If command would refer to the execution of an argument vector, it would have been mentioned in there.
The other meaning of "command" refers to specific programs like those in /bin.