Comment 6 for bug 1270204

John Griffith (john-griffith) wrote :

I guess I"m confused because IMO what this patch does is first of all allow the use of an invalid hostname, and second does it in such a way as to bypass our injection check, so it very much IS related to ssh and injection regardless of the title.

So if I set the hostname to: "some-host; rm -rf /" for example... that seems like a problem to me and I believe that's the sort of thing the injection check is actually there for. Bypassing the injection check to allow spaces in on commands seems like a very bad idea, inparticular for a case that isn't even valid.

Maybe you can explain in detail why you think this is a reasonable fix and more importantly why it's needed? I seem to be missing some detail here that maybe you're aware of or have noticed.