[Bug 3693] New: Is SFTP local command execution implemented based on an RFC protocol?

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue May 28 13:07:01 AEST 2024


https://bugzilla.mindrot.org/show_bug.cgi?id=3693

            Bug ID: 3693
           Summary: Is SFTP local command execution implemented based on
                    an RFC protocol?
           Product: Portable OpenSSH
           Version: -current
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: sftp
          Assignee: unassigned-bugs at mindrot.org
          Reporter: rmsh1216 at 163.com

Hi,
As we all know, we can execute some commands in a local shell or escape
to a local shell by using '!'. However, I can't find the description in
the ssh protocols. Is this feature implemented based on an RFC protocol?
Please let me know if it is. Thanks.

Also, is there a security issue involved?

For example, when the expect script is used to implement SFTP automatic
interaction, the server can construct a specific banner to deceive the
expect script and execute the client script.
More specifically, the expect script looks for the password keyword to
enter the user's password.
If there is an executable script named "!test" on the client, the
password of this account on the server is also "!test", the server
allows login to accounts with empty password strings and the keyword
"password" is added to the banner. The password in the banner will be
captured by the expect script and then the password "!test" will be
entered. In this case, the local script will be executed.

I don't know if this is a problem, although it seems to be a normal
function of sftp and the server in this case is not trusted.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
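The prompt confusion described in the report, modelled as an added Python example (not code from the reporter or from OpenSSH): a keyword-matching responder next to one that answers only an anchored "user@host's password: " prompt and stops once "sftp> " appears. Host names, transcripts and function names are constructed, and the model assumes input typed when no password prompt is pending stays queued until sftp reads it as a command. The anchored match covers only the keyword-in-banner case from the report.

```python
import re

# Anchored form of the OpenSSH client prompt "user@host's password: ",
# accepted only as the final, unterminated line of the output seen so far.
PROMPT_RE = re.compile(r"(?:\A|\n)[^\s@]+@[^\s:]+'s password: \Z")

# Constructed transcripts: what the automation sees on the pty, chunk by chunk.
BANNER_ONLY = [  # server-controlled banner, login accepted without a prompt
    "NOTICE: password rotation is enforced on this host\n",
    "Connected to files.example.test.\n",
    "sftp> ",
]
GENUINE = [  # an ordinary password login
    "alice@files.example.test's password: ",
    "\nConnected to files.example.test.\n",
    "sftp> ",
]

def naive_responder(chunks, password):
    """Mimics `expect "password"`: reply once the keyword appears anywhere."""
    sent, seen = [], ""
    for chunk in chunks:
        seen += chunk
        if not sent and "password" in seen:
            sent.append(password)
    return sent

def strict_responder(chunks, password):
    """Reply once, only to an anchored prompt, never after 'sftp> ' is seen."""
    sent, seen = [], ""
    for chunk in chunks:
        seen += chunk
        if seen.endswith("sftp> "):
            break  # authenticated: anything typed now is an sftp command
        if not sent and PROMPT_RE.search(seen):
            sent.append(password)
    return sent

def sftp_interprets(queued_lines):
    """Model of sftp reading queued input at its prompt: '!' means local shell."""
    return [("local-shell", line[1:]) if line.startswith("!")
            else ("sftp-command", line) for line in queued_lines]

if __name__ == "__main__":
    for name, responder in (("naive", naive_responder), ("strict", strict_responder)):
        queued = responder(BANNER_ONLY, "!test")  # no prompt consumed the input
        print(name, "->", sftp_interprets(queued))
```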

