Re: Incorrect protocol implementation by OpenSSH?



On Sat, 29 Sep 2007 08:49:36 +0100, Simon Tatham wrote:

H.K. Kingston-Smith <HKK-S@xxxxxxxxx> wrote:
I am not sure I entirely agree with that. If the client specifies
want-reply = 0 and the server does not support "exec", how can the
client know the reason behind the deadlock?

It can't.

It would seem that an "exec" (or "shell") request with want-reply
set to 0 sent to a server that does not support such a capability will
necessarily lead to a deadlock. Is this right in general?

I think so, yes. But you cannot deduce from that that the _server_
should do something different in that situation: it's the _client's_
fault for setting want_reply=0, and so the client should have done
something different. It isn't the server's job to exceed the protocol
specification in order to compensate for a broken client; it's the
client's job not to be broken in the first place.

That's right; OpenSSH is broken here.



.



Relevant Pages

  • Re: What doesnt lend itself to OO?
    ... >> proxy and instructs the server to constuct the real object. ... rather than client code. ... If 'clock' is instantiated in the server, ... > for the server interface at the OOA level. ...
    (comp.object)
  • Re: More Get-IPlayer Questions
    ... to use with mutt mail client. ... antinat - 0.90-4 - Antinat is a flexible SOCKS server and client ... protocol for Sybase or MS SQL Server. ... ifstat - 1.1-1 - InterFace STATistics Monitoring ...
    (uk.comp.os.linux)
  • This is going straight to the pool room
    ... or not the client has privilege to do what they're trying to do, ... The server environment is this: ... 3GL User action Routines that Tier3 will execute on your behalf during the ... Routine Name: USER_INIT ...
    (comp.os.vms)
  • UPnP inspector and mediatomb on different Subnets.
    ... Mediatomb installed on this box up and running I can point my Desktop PC ... server is in 10.184.0.37 net work. ... that I am not very familiar with is to install OpenVPN ... I have done that and started OpenVPN in server box and client in Desktop PC ...
    (freebsd-questions)
  • [Full-Disclosure] R: Full-Disclosure Digest, Vol 3, Issue 42
    ... Full-Disclosure Digest, Vol 3, Issue 42 ... SD Server 4.0.70 Directory Traversal Bug ... Arkeia Network Backup Client Remote Access ...
    (Full-Disclosure)