Details
-
Bug
-
Resolution: Done
-
P2: Important
-
Qt Creator 4.13.1
-
None
-
30d4f7b48c4a886133714b4856de3a20658858c7 (qt-creator/qt-creator/master)
Description
When LinuxDeviceProcess (https://github.com/qt-creator/qt-creator/blob/master/src/plugins/remotelinux/linuxdeviceprocess.cpp#L76) tries to execute a remote command, the resulting command line is something like this:
ssh -o StrictHostKeyChecking=no -i C:/Users/kar/.ssh/id_rsa -o User=pi -o Port=22 -o BatchMode=yes 192.168.0.17 "test -f /etc/profile && . /etc/profile ; test -f $HOME/.profile && . $HOME/.profile ; echo $$ && echo MyCommand"
In case of Raspberry Pi with default password the readAllStandardOutput() returns the following:
SSH is enabled and the default password for the 'pi' user has not been changed. This is a security risk - please login as the 'pi' user and type 'passwd' to set a new password. 4521 MyCommand
While the expected output for the user would be "MyCommand".
The default password warning comes from the " . /etc/profile" LinuxDeviceProcess prepended to user command and the 4521 from "cmd.addArgs("echo $$ && ", CommandLine::Raw);" which is used to parse the process ID.
What is more, thanks to the Raspberry security warning, the process ID parse actually fails in LinuxDeviceProcess::readAllStandardOutput() because only parses the first line of the output:
int cut = m_processIdString.indexOf('\n'); if (cut != -1) { m_processId = m_processIdString.left(cut).toLongLong();