Re: Prepending 'exec' to proxy command automatically
On Fri 18/12/2015, at 10:04 pm, Konstantin Tokarev wrote: >> https://secure.ucc.asn.au/hg/dropbear/rev/f7d565054e5f > > Why not use asprintf? I see scpmisc.c already uses vasprintf. I suspect it wouldn't work on some of the more uncommon platforms where people run Dropbear (I guess they don't run scp). malloc() is cheap enough given it's forking anyway. > I'm using busybox shell (and I guess it's the most popular shell choice among > dropbear users ;) Yep. I was just a bit puzzled when I first tried in my default shell. I wonder how much memory is wasted on embedded systems because they don't have that auto-exec trick... Matt
Re: Prepending 'exec' to proxy command automatically
18.12.2015, 16:24, "Matt Johnston" : > On Wed, Dec 16, 2015 at 04:32:03PM +0300, Konstantin Tokarev wrote: >> 08.12.2015, 21:00, "Konstantin Tokarev" : >> > If dbclient is given proxy command which does not start with exec, shell >> process is lingering alongside proxy command process. However, I've found >> that OpenSSH client (ProxyCommand option) prepends exec automatically. >> > >> > I think it would be convenient if dbclient added exec by default, but >> this will break if someone is already using explicit exec in -J argument. >> Note that OpenSSH client also breaks with exec. >> > >> > So options are: >> > >> > 1. Just prepend exec to all proxy commands and make too clever people fix >> their scripts. >> > 2. Check if proxy command starts with exec, if not, prepend it. >> > 3. Add separate -o ProxyCommand option prepending exec (it also should >> substitute %h, %p, and %r to be compatible with OpenSSH). Leave -J as is for >> compatibility but mark it as deprecated. >> > >> > What is the best way? > > Sorry, missed this mail originally. I think 1 is best, I've > pushed that as > https://secure.ucc.asn.au/hg/dropbear/rev/f7d565054e5f Why not use asprintf? I see scpmisc.c already uses vasprintf. > Interestingly bash and zsh seem to avoid the lingering shell > themselves without "exec". dash works for testing. I'm using busybox shell (and I guess it's the most popular shell choice among dropbear users ;) -- Regards, Konstantin
Re: Prepending 'exec' to proxy command automatically
On Wed, Dec 16, 2015 at 04:32:03PM +0300, Konstantin Tokarev wrote: > 08.12.2015, 21:00, "Konstantin Tokarev" : > > If dbclient is given proxy command which does not start with exec, shell > > process is lingering alongside proxy command process. However, I've found > > that OpenSSH client (ProxyCommand option) prepends exec automatically. > > > > I think it would be convenient if dbclient added exec by default, but this > > will break if someone is already using explicit exec in -J argument. Note > > that OpenSSH client also breaks with exec. > > > > So options are: > > > > 1. Just prepend exec to all proxy commands and make too clever people fix > > their scripts. > > 2. Check if proxy command starts with exec, if not, prepend it. > > 3. Add separate -o ProxyCommand option prepending exec (it also should > > substitute %h, %p, and %r to be compatible with OpenSSH). Leave -J as is > > for compatibility but mark it as deprecated. > > > > What is the best way? Sorry, missed this mail originally. I think 1 is best, I've pushed that as https://secure.ucc.asn.au/hg/dropbear/rev/f7d565054e5f Interestingly bash and zsh seem to avoid the lingering shell themselves without "exec". dash works for testing. Cheers, Matt
Re: Prepending 'exec' to proxy command automatically
08.12.2015, 21:00, "Konstantin Tokarev" : > If dbclient is given proxy command which does not start with exec, shell > process is lingering alongside proxy command process. However, I've found > that OpenSSH client (ProxyCommand option) prepends exec automatically. > > I think it would be convenient if dbclient added exec by default, but this > will break if someone is already using explicit exec in -J argument. Note > that OpenSSH client also breaks with exec. > > So options are: > > 1. Just prepend exec to all proxy commands and make too clever people fix > their scripts. > 2. Check if proxy command starts with exec, if not, prepend it. > 3. Add separate -o ProxyCommand option prepending exec (it also should > substitute %h, %p, and %r to be compatible with OpenSSH). Leave -J as is for > compatibility but mark it as deprecated. > > What is the best way? Matt, what do you think? -- Regards, Konstantin
