perl as parent #617

New issue

Open

opened 2026-05-07 00:21:48 +02:00 by BreizhHardware · 0 comments

BreizhHardware commented

2026-05-07 00:21:48 +02:00

Owner

📋 Pull Request Information

Original PR: https://github.com/ovh/the-bastion/pull/617
Author: @frwbr
Created: 3/30/2026
Status: 🔄 Open

Base: master ← Head: dev/accept-user-bin-perl

📝 Commits (1)

eba8188 connect: interactive mode: also accept /usr/bin/perl as parent

📊 Changes

1 file changed (+1 additions, -1 deletions)

View changed files

📝 bin/shell/connect.pl (+1 -1)

📄 Description

When building a the-bastion Debian package with dh_perl, dh_perl may change the shebang of bin/shell/osh.pl from

#! /usr/bin/env perl

#! /usr/bin/perl

This changes cmdline[0] from 'perl' to '/usr/bin/perl'. When trying to connect to a host in interactive mode, this then fails the security check for the parent process cmdline[0] in bin/shell/connect.pl, which only accepts 'perl' (not '/usr/bin/perl'). Thus, opening a connection in interactive mode fails with a security violation.

To avoid this, accept both 'perl' and '/usr/bin/perl' in bin/shell/connect.sh.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/ovh/the-bastion/pull/617 **Author:** [@frwbr](https://github.com/frwbr) **Created:** 3/30/2026 **Status:** 🔄 Open **Base:** `master` ← **Head:** `dev/accept-user-bin-perl` --- ### 📝 Commits (1) - [`eba8188`](https://github.com/ovh/the-bastion/commit/eba8188b8cc181206c7c681368eed1948fd182f1) connect: interactive mode: also accept /usr/bin/perl as parent ### 📊 Changes **1 file changed** (+1 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `bin/shell/connect.pl` (+1 -1) </details> ### 📄 Description When building a the-bastion Debian package with dh_perl, dh_perl may change the shebang of bin/shell/osh.pl from #! /usr/bin/env perl to #! /usr/bin/perl This changes cmdline[0] from 'perl' to '/usr/bin/perl'. When trying to connect to a host in interactive mode, this then fails the security check for the parent process cmdline[0] in bin/shell/connect.pl, which only accepts 'perl' (not '/usr/bin/perl'). Thus, opening a connection in interactive mode fails with a security violation. To avoid this, accept both 'perl' and '/usr/bin/perl' in bin/shell/connect.sh. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>