Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
cwillu
5 months ago
|
parent
|
context
|
favorite
| on:
SSH ProxyCommand == unexpected code execution (CVE...
I guess the real issue is that ProxyCommand is evaluated by a shell, but the substitutions is done textually by ssh rather than by the shell, i.e., by providing the hostname via a environment variable.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search: