[Bug 3693] Is SFTP local command execution implemented based on an RFC protocol?

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue May 28 18:24:46 AEST 2024


https://bugzilla.mindrot.org/show_bug.cgi?id=3693

--- Comment #2 from renmingshuai <rmsh1216 at 163.com> ---
(In reply to Damien Miller from comment #1)
> No, it's not based on the protocol because it's local only.
> 
> How could a server exploit this? There's no way for sftp to pass
> server output to its command input unless the user explicitly
> configures it.

It is not sftp that passes the server output to its command input. The
user's expect script captures the keyword "password" in the server's
banner, and then input "!test" to sftp command input.
For example:
spawn sftp username at Host
expect {
"*assword*" {send --"! test\r"}
}

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list