So apparently OpenSSH accepts but ignores --, i.e. it still parses options after the --...
ssh's ignoring the -- allows them to specify a remote command string that actually causes code exec on the client.
-
-
Might be an unusual/unlikely situation but shows violation of principle of least surprise in a way that compromises expected security props.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.