[Bug 943] sftp will not send from a named pipe

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Wed Jun 27 13:49:19 EST 2007


http://bugzilla.mindrot.org/show_bug.cgi?id=943


Mark Fuller <azfuller at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|WONTFIX                     |




--- Comment #9 from Mark Fuller <azfuller at gmail.com>  2007-06-27 13:49:17 ---
As the original bug report stated, the problem is with sftp (and scp).
We are not able to give shell access. Again, the issue is *security*.
We use a named pipe so that data isn't written to disk. It stands to
reason that we wouldn't grant shell access to such a system just as a
workaround to what was an overly broad "fix" when someone asking for
sftp/scp not to block. 

The solution should be to allow/disallow FIFOs via a command-line parm.
Forcing everyone to never use them is not a solution. Forcing us to
grant shell access (a greater security risk) is not a solution.

I think you need to face it. The fix for #856 was too sweeping. I don't
mind patching SSH. But, that's not a long term solution. That's what
I'm asking for.

Thank you for your time.

Mark


-- 
Configure bugmail: http://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list