upstream: add some cautionary text about % token expansion and

author djm@openbsd.org <djm@openbsd.org>

Wed, 4 Oct 2023 04:03:50 +0000 (04:03 +0000)

committer Damien Miller <djm@mindrot.org>

Wed, 4 Oct 2023 04:33:27 +0000 (15:33 +1100)
author djm@openbsd.org <djm@openbsd.org>
Wed, 4 Oct 2023 04:03:50 +0000 (04:03 +0000)
committer Damien Miller <djm@mindrot.org>
Wed, 4 Oct 2023 04:33:27 +0000 (15:33 +1100)
diff --git a/ssh_config.5 b/ssh_config.5

index 7f64c2cf92704725997ca219d11eb1b767d09e43..367305d2cf9dadf3647b09d82d0dc53ef1582854 100644 (file)
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
  .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  .\"
-.\" $OpenBSD: ssh_config.5,v 1.386 2023/08/28 09:52:09 djm Exp $
-.Dd $Mdocdate: August 28 2023 $
+.\" $OpenBSD: ssh_config.5,v 1.387 2023/10/04 04:03:50 djm Exp $
+.Dd $Mdocdate: October 4 2023 $
  .Dt SSH_CONFIG 5
  .Os
  .Sh NAME
@@ -2206,6 +2206,16 @@ accepts all tokens.
  and
  .Cm ProxyJump
  accept the tokens %%, %h, %n, %p, and %r.
+.Pp
+Note that some of these directives build commands for execution via the shell.
+Because
+.Xr ssh 1
+performs no filtering or escaping of characters that have special meaning in
+shell commands (e.g. quotes), it is the user's reposibility to ensure that
+the arguments passed to
+.Xr ssh 1
+do not contain such characters and that tokens are appropriately quoted
+when used.
  .Sh ENVIRONMENT VARIABLES
  Arguments to some keywords can be expanded at runtime from environment
  variables on the client by enclosing them in
author	djm@openbsd.org <djm@openbsd.org>
	Wed, 4 Oct 2023 04:03:50 +0000 (04:03 +0000)
committer	Damien Miller <djm@mindrot.org>
	Wed, 4 Oct 2023 04:33:27 +0000 (15:33 +1100)