Re: Additional AD Comment: draft-ietf-secsh-publickey-subsystem and garbage

[Nicolas Williams <Nicolas.Williams%sun.com@localhost>]

On Thu, Aug 31, 2006 at 03:39:25PM -0400, Sam Hartman wrote:
> >>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams%sun.com@localhost> writes:
> 
>     Nicolas> On Thu, Aug 31, 2006 at 08:52:03AM -0400, Sam Hartman
>     Nicolas> wrote:
>     >> I'd like to draw your attention to a particularly annoying part
>     >> of RFC 4254:
>     >> 
>     >> This last form executes a predefined subsystem.  It is expected
>     >> that these will include a general file transfer mechanism, and
>     >> possibly other features.  Implementations may also allow
>     >> configuring more such mechanisms.  As the user's shell is
>     >> usually used to execute the subsystem, it is advisable for the
>     >> subsystem protocol to have a "magic cookie" at the beginning of
>     >> the protocol transaction to distinguish it from arbitrary
>     >> output generated by shell initialization scripts, etc.  This
>     >> spurious output from the shell may be filtered out either at
>     >> the server or at the client.
>     >> 
>     >> 
>     >> In order to guarantee interoperability, your subsystem needs to
>     >> be able to filter out leading garbage and clients MUST do so.
> 
>     Nicolas> The text you quote says "advisable" and "may."
> 
> Yes.  The server MAY spew random garbage.  So, the client MUST deal
> with it.

Again, "it is advisable for the subsystem protocol to have a "magic
cookie" ..."

That is, there's no requirement for a magic cookie.  And there is no
RFC2119 'MAY' about user shells spewing garbage.

That said, I believe the answer that the version packet is like such a
magic cookie should suffice, no?

Nico
--