IETF-SSH archive


last-call issues..



Bill Sommerfeld writes:
>  - Subsystem robustness:
> 
> The ".cshrc output mixed into subsystem output" issue is purely a
> local implementation issue; subsystem cookie text should be deleted.

I don't agree on this change. I think the current text should be in
the connect document, but it might need some polishing:

----------------------------------------------------------------------
... As the user's shell is usually used to execute the
subsystem, it is advisable for the subsystem protocol to have a "magic
cookie" at the beginning of the protocol transaction to distinguish from
arbitrary output from shell initialization scripts etc. This spurious
output from the shell may be filtered out either at the server or at the
client.
----------------------------------------------------------------------

->

----------------------------------------------------------------------
As the user's shell might be used to execute the subsystem, it is good
subsystem protocol design to include a "magic cookie" at the beginning
of the protocol transaction to distinguish from arbitrary output from
shell initialization scripts etc. For example, the subsystem protocol
version number packet might act as this kind of "magic cookie". In
this case the subsystem protocol can be defined so that it ignores
everything before this "magic cookie" version number packet (a similar
thing is already done, for example, in the transport layer for the
protocol version strings).
----------------------------------------------------------------------

> Advice to implementors should state that server implementations which
> allow for subsystems to be "plugged in" should define an
> interface to subsystem implementations to prevent any extraneous
> output (perhaps from a shell) from being mixed into the subsystem
> output sent over the wire.  (no wire protocol change involved)

No, I think it is more advisable to suggest that subsystem protocols
should be designed so that they can ignore the extra data before the
actual protocol starts. It makes things much easier for the
implementor, administrators and users.

Note, this "magic cookie" stuff is not part of the transport layer
protocol, it is part of the subsystem protocol specification, and we
just give here a hint for subsystem protocol designers how to make
their protocol resistant to this kind of invalid usage from the
administrators or from the users.

> Resolution:
> 	need volunteer to provide text for this.

Is the text above acceptable?
-- 
kivinen%ssh.fi@localhost                               Work : +358 303 9870
SSH Communications Security                  http://www.ssh.fi/
SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/
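
The resynchronization proposed in the message above, as an added example that is not part of the original message or of any SSH draft: a receiver that discards shell start-up output until the subsystem's version packet appears, even when that packet is split across reads. The cookie value `XSUB-1\n`, the names `CookieSync` and `resync`, and the 64 KiB noise cap are assumptions made for illustration.

```python
class ProtocolError(Exception):
    pass


class CookieSync:
    """Drop bytes that precede the magic cookie; pass everything from it on."""

    def __init__(self, cookie: bytes, max_noise: int = 64 * 1024):
        if not cookie:
            raise ValueError("cookie must be non-empty")
        self.cookie = cookie
        self.max_noise = max_noise   # assumed cap so garbage cannot stall us forever
        self.synced = False
        self.discarded = 0           # count of pre-cookie bytes thrown away
        self._tail = b""             # unsynced bytes that may begin a split cookie

    def feed(self, chunk: bytes) -> bytes:
        if self.synced:
            return chunk
        buf = self._tail + chunk
        idx = buf.find(self.cookie)
        # With no match, keep the last len(cookie)-1 bytes: a cookie split
        # across two reads could start there.
        drop = idx if idx >= 0 else max(0, len(buf) - (len(self.cookie) - 1))
        self.discarded += drop
        if self.discarded > self.max_noise:
            raise ProtocolError("no magic cookie within the noise limit")
        if idx < 0:
            self._tail = buf[drop:]
            return b""
        self.synced, self._tail = True, b""
        return buf[idx:]             # the cookie itself is the version packet


# Constructed sample: shell start-up chatter, then the subsystem's first packet,
# delivered in reads that split the cookie.
COOKIE = b"XSUB-1\n"                 # hypothetical version packet
SAMPLE_READS = [b"stty: not a tty\nWelco", b"me back!\nXSU", b"B-1\nhello", b" world"]


def resync(reads, cookie=COOKIE, max_noise=64 * 1024):
    sync = CookieSync(cookie, max_noise)
    payload = b"".join(sync.feed(r) for r in reads)
    return payload, sync.discarded


if __name__ == "__main__":
    print(resync(SAMPLE_READS))
```

The cookie should be a byte sequence that shell initialization output is unlikely to contain, since the first match is taken as the start of the protocol.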


