RU version is available. Content is displayed in original English for accuracy.
Advertisement
Advertisement
⚡ Community Insights
Discussion Sentiment
75% Positive
Analyzed from 348 words in the discussion.
Trending Topics
#tailscale#fix#ssh#access#used#cve#whatever#going#acl#openssh

Discussion (16 Comments)Read Original on HackerNews
(If you had SSH access to a host in your Tailscale ACL, you could log in as `-i` and get a root login.)
Really? That's the fix?
A proper fix is to use "--" to separate arguments.
Refactoring external invocations to use safe argument handling is a better way to fix it. Along with tests that exercise weird names.
The username policy fixes this issue for good, regardless of whatever you write in the future, or whatever new mechanism is introduced.
It’s a restriction for sure, but it’s not a nonsense restriction? Who would have a username starting with a hyphen? I didn’t even know it was possible until today.