[Bug 3693] New: Is SFTP local command execution implemented based on an RFC protocol?
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Tue May 28 13:07:01 AEST 2024
https://bugzilla.mindrot.org/show_bug.cgi?id=3693
Bug ID: 3693
Summary: Is SFTP local command execution implemented based on
an RFC protocol?
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: sftp
Assignee: unassigned-bugs at mindrot.org
Reporter: rmsh1216 at 163.com
Hi,
As we all known, we can execute some commands in local shell or escape
to local shell by using '!'. However, I can't find the description in
ssh protocols. If this feature is implemented based on an RFC protocol?
Please let me know if it is. Thanks.
Also, is there a security issue involved?
For example, when the expect script is used to implement SFTP automatic
interaction, the server can construct a specific banner to deceive the
expect script and execute the client script.
More specifically, the expect script looks for the password keyword to
enter the user's password.
If there is a executable script named "!test" on the client. The
password of this account on the server is also "!test", the server
allows login to accounts with empty password strings and the keyword
"password" is added to the banner. The password in the banner will be
captured by the expect script and then the password "!test" will be is
entered. In this case, local script willed executed.
I don't know if this is a problem, although it seems to be a normal
function of sftp and the server in this case is not trusted.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list