On Thu, Aug 31, 2006 at 03:39:25PM -0400, Sam Hartman wrote:
>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams%sun.com@localhost> writes:
Nicolas> On Thu, Aug 31, 2006 at 08:52:03AM -0400, Sam Hartman
Nicolas> wrote:
>> I'd like to draw your attention to a particularly annoying part
>> of RFC 4254:
>>
>> This last form executes a predefined subsystem. It is expected
>> that these will include a general file transfer mechanism, and
>> possibly other features. Implementations may also allow
>> configuring more such mechanisms. As the user's shell is
>> usually used to execute the subsystem, it is advisable for the
>> subsystem protocol to have a "magic cookie" at the beginning of
>> the protocol transaction to distinguish it from arbitrary
>> output generated by shell initialization scripts, etc. This
>> spurious output from the shell may be filtered out either at
>> the server or at the client.
>>
>>
>> In order to guarantee interoperability, your subsystem needs to
>> be able to filter out leading garbage and clients MUST do so.
Nicolas> The text you quote says "advisable" and "may."
Yes. The server MAY spew random garbage. So, the client MUST deal
with it.
Again, "it is advisable for the subsystem protocol to have a "magic
cookie" ..."
That is, there's no requirement for a magic cookie. And there is no
RFC2119 'MAY' about user shells spewing garbage.