Re: Wheezy update of git-annex?
For what it's worth, I can reproduce this in Wheezy, using the following
proof of concept:
sudo apt-get install git-annex
git init foo
cd foo/
git remote add origin 'ssh://-oProxyCommand=ls/foo'
git annex init
git annex sync
the latter command calls "ls" which is our "evil command" here, at least
according to strace:
[pid 14350] execve("/usr/lib/git-core/ssh", ["ssh", "-S", "/home/vagrant/foo/.git/annex/ssh"..., "-o", "ControlMaster=auto", "-o", "ControlPersist=yes", "-oProxyCommand=ls", "git-annex-shell 'configlist' '/f"...], [/* 16 vars */]) = -1 ENOENT (No such file or directory)
[pid 14350] execve("/usr/local/bin/ssh", ["ssh", "-S", "/home/vagrant/foo/.git/annex/ssh"..., "-o", "ControlMaster=auto", "-o", "ControlPersist=yes", "-oProxyCommand=ls", "git-annex-shell 'configlist' '/f"...], [/* 16 vars */]) = -1 ENOENT (No such file or directory)
[pid 14350] execve("/usr/bin/ssh", ["ssh", "-S", "/home/vagrant/foo/.git/annex/ssh"..., "-o", "ControlMaster=auto", "-o", "ControlPersist=yes", "-oProxyCommand=ls", "git-annex-shell 'configlist' '/f"...], [/* 16 vars */]) = 0
Process 14351 attached
[pid 14351] execve("/bin/bash", ["/bin/bash", "-c", "exec ls"], [/* 16 vars */]) = 0
[pid 14351] execve("/bin/ls", ["ls"], [/* 15 vars */]) = 0
ssh_exchange_identification: Connection closed by remote host
Process 14350 detached
[pid 14343] --- SIGCHLD (Child exited) @ 0 (0) ---
Command ssh ["-S","/home/vagrant/foo/.git/annex/ssh/-oProxyCommand=ls","-o","ControlMaster=auto","-o","ControlPersist=yes","-oProxyCommand=ls","git-annex-shell 'configlist' '/foo'"] failed; exit code 255
commit
I am not sure how to fix this in wheezy. The code is obviously quite
different, but I figured we may be able to grep for the "ssh" string in
the source code and fix all relevant issues, while backporting the
SshHost utility...
Other ideas?
a.
--
Only in the darkness can you see the stars.
- Martin Luther King, Jr.
Reply to: