Uploaded image for project: 'Qt Creator'
  1. Qt Creator
  2. QTCREATORBUG-25306

LinuxDeviceProcess prepends to user commands and litters the standard output

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P2: Important
    • Resolution: Done
    • Affects Version/s: Qt Creator 4.13.1
    • Fix Version/s: Qt Creator 4.15.0-beta1
    • Component/s: Remote Linux
    • Labels:
      None
    • Commits:
      30d4f7b48c4a886133714b4856de3a20658858c7 (qt-creator/qt-creator/master)

      Description

      When LinuxDeviceProcess (https://github.com/qt-creator/qt-creator/blob/master/src/plugins/remotelinux/linuxdeviceprocess.cpp#L76) tries to execute a remote command, the resulting command line is something like this:

      ssh -o StrictHostKeyChecking=no -i C:/Users/kar/.ssh/id_rsa -o User=pi -o Port=22 -o BatchMode=yes 192.168.0.17 "test
      -f /etc/profile && . /etc/profile ; test -f $HOME/.profile && . $HOME/.profile ; echo $$ && echo MyCommand"
      

      In case of Raspberry Pi with default password the readAllStandardOutput() returns the following:

      
      SSH is enabled and the default password for the 'pi' user has not been changed.
      This is a security risk - please login as the 'pi' user and type 'passwd' to set a new password.
      
      4521
      MyCommand
      

      While the expected output for the user would be "MyCommand".

      The default password warning comes from the " . /etc/profile" LinuxDeviceProcess prepended to user command and the 4521 from "cmd.addArgs("echo $$ && ", CommandLine::Raw);" which is used to parse the process ID.

      What is more, thanks to the Raspberry security warning, the process ID parse actually fails in LinuxDeviceProcess::readAllStandardOutput() because only parses the first line of the output:

          int cut = m_processIdString.indexOf('\n');
          if (cut != -1) {
              m_processId = m_processIdString.left(cut).toLongLong();
      

        Attachments

        For Gerrit Dashboard: QTCREATORBUG-25306
        # Subject Branch Project Status CR V

          Activity

            People

            Assignee:
            kandeler Christian Kandeler
            Reporter:
            karmo Karmo Kuurberg
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Gerrit Reviews

                There are no open Gerrit changes