Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs: borg serve: recommend using a simple shell (closes #3818) #8620

Merged
merged 1 commit into from
Jan 5, 2025
Merged

docs: borg serve: recommend using a simple shell (closes #3818) #8620

merged 1 commit into from
Jan 5, 2025

Conversation

qyanu
Copy link
Contributor

@qyanu qyanu commented Jan 4, 2025

see #8318

As a short summary of issue 8318:
openssh executes the user's configured shell with the whole command (either remote-command or forced-command) as a single argument like so: "$SHELL" -c "$COMMAND".
This entails a larger attack surface, when a complex and feature-rich shell is configured for the user.

Because in the example configuration of a push backup server a complex and feature-rich shell is not needed, recommending the usage of a simple shell like /bin/sh will reduce the opportunity of yet-undiscovered security vulnerabilities to arise in the future.

@qyanu qyanu mentioned this pull request Jan 4, 2025
Open
@qyanu qyanu force-pushed the 3818recommendchsh-master branch from fa31c2c to 5ce345e Compare January 4, 2025 00:10
ThomasWaldmann
ThomasWaldmann reviewed Jan 4, 2025
View reviewed changes
Copy link
Member

@ThomasWaldmann ThomasWaldmann left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR!

docs/usage/serve.rst Outdated Show resolved Hide resolved
docs/usage/serve.rst Show resolved Hide resolved
docs/usage/serve.rst Outdated Show resolved Hide resolved
@qyanu qyanu force-pushed the 3818recommendchsh-master branch from 5ce345e to 77dbf13 Compare January 5, 2025 13:48
ThomasWaldmann
ThomasWaldmann reviewed Jan 5, 2025
View reviewed changes
Copy link
Member

@ThomasWaldmann ThomasWaldmann left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added a small phrasing suggestion (also removes a typo), but other than that I think it's good for merging now.

docs/usage/serve.rst Outdated Show resolved Hide resolved
@qyanu qyanu force-pushed the 3818recommendchsh-master branch from 8b12e03 to 048ff2a Compare January 5, 2025 18:19
ThomasWaldmann
ThomasWaldmann approved these changes Jan 5, 2025
View reviewed changes
Copy link
Member

@ThomasWaldmann ThomasWaldmann left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@ThomasWaldmann ThomasWaldmann merged commit fd43feb into borgbackup:master Jan 5, 2025
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ThomasWaldmann ThomasWaldmann ThomasWaldmann approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@qyanu @ThomasWaldmann