df11e54788
Security fix: Disallow hostname starting with a dash, which would get passed to ssh and be treated an option. This could be used by an attacker who provides a crafted ssh url (for eg a git remote) to execute arbitrary code via ssh -oProxyCommand. No CVE has yet been assigned for this hole. The same class of security hole recently affected git itself, CVE-2017-1000117. Method: Identified all places where ssh is run, by git grep '"ssh"' Converted them all to use a SshHost, if they did not already, for specifying the hostname. SshHost was made a data type with a smart constructor, which rejects hostnames starting with '-'. Note that git-annex already contains extensive use of Utility.SafeCommand, which fixes a similar class of problem where a filename starting with a dash gets passed to a program which treats it as an option. This commit was sponsored by Jochen Bartl on Patreon. |
||
|---|---|---|
| .. | ||
| AWS.hs | ||
| Delete.hs | ||
| Edit.hs | ||
| Fsck.hs | ||
| IA.hs | ||
| Local.hs | ||
| Pairing.hs | ||
| Preferences.hs | ||
| Ssh.hs | ||
| Unused.hs | ||
| Upgrade.hs | ||
| WebDAV.hs | ||