[Bug 424] scp mishandles files with spaces in names
bugzilla-daemon at bugzilla.mindrot.org
Mon Nov 3 08:04:05 EST 2008
https://bugzilla.mindrot.org/show_bug.cgi?id=424
Anders Kaseorg <anders at kaseorg.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |anders at kaseorg.com
--- Comment #4 from Anders Kaseorg <anders at kaseorg.com> 2008-11-03 08:04:05 ---
Can someone explain why this is a protocol problem? If there’s a
client-side workaround, why isn’t the filename escaped in the scp
client?
This is a potentially nasty security problem for a trusted script that
scps files from a remote machine, because a malicious filename
containing `` could cause arbitrary code to be executed remotely.
A similar problem exists with the ssh client:
$ touch "123 456" 789; ls
123 456
789
$ ssh host touch "123 456" 789; ssh host ls
123
456
789
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
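The word splitting shown in comment #4, and the quoting a calling script can apply before handing names to ssh, as an added example that is not part of the original report or of OpenSSH. It assumes a local simulation: `remote_run` stands in for `ssh host ...` by joining its arguments with spaces and running them through `sh -c`, and all helper names and the sample filenames are constructed for the illustration.

```shell
#!/bin/sh
# Local stand-in for "ssh host cmd args...": ssh joins its arguments with
# single spaces and the remote side runs that one string via the login
# shell's -c, so the remote shell parses it a second time.
# remote_run, sh_quote and the *_demo names are hypothetical helpers.
remote_run() {
    dir=$1; shift
    ( cd "$dir" && sh -c "$*" )
}

# Quote one argument so a POSIX shell reads it back as exactly one literal
# word: wrap it in single quotes and rewrite each embedded ' as '\''.
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

count_entries() {
    ls -A "$1" | wc -l | tr -d ' '
}

# Unquoted, as in the report: "123 456" is re-split on the remote side.
unquoted_demo() {
    dir=$(mktemp -d)
    remote_run "$dir" touch "123 456" 789
    count_entries "$dir"
    rm -rf "$dir"
}

# Each argument quoted once more for the remote shell.
quoted_demo() {
    dir=$(mktemp -d)
    remote_run "$dir" touch "$(sh_quote "123 456")" "$(sh_quote 789)"
    count_entries "$dir"
    rm -rf "$dir"
}

# Constructed name with backticks: after quoting it stays a plain filename.
literal_demo() {
    dir=$(mktemp -d)
    name='a `echo b` c'
    remote_run "$dir" touch "$(sh_quote "$name")"
    if [ -e "$dir/$name" ]; then echo literal; else echo reinterpreted; fi
    rm -rf "$dir"
}

echo "unquoted: $(unquoted_demo) entries"
echo "quoted:   $(quoted_demo) entries"
echo "backtick name: $(literal_demo)"
```

Command substitution strips trailing newlines, so `sh_quote` as written does not preserve a name that ends in a newline.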