[Bug 3871] New: scp traversing outside of destination dir when copying .. or ../..
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Thu Oct 2 18:40:16 AEST 2025
https://bugzilla.mindrot.org/show_bug.cgi?id=3871
Bug ID: 3871
Summary: scp traversing outside of destination dir when copying
.. or ../..
Product: Portable OpenSSH
Version: 10.0p2
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: scp
Assignee: unassigned-bugs at mindrot.org
Reporter: srot.karel at gmail.com
When copying directories like .. or ../.. scp will not store copied
files under the destination directory but above it.
I am not sure if this behavior is expected feature or if it is a
regression but it is definitely confusing.
This seems to be due to transition to sftp, it doesn't happen when -O
option is used.
Tested as well with the current upstream openssh portable, commit
https://github.com/openssh/openssh-portable/commit/b9f6a84ea383d811216de38219472214963c10b2
Reproducer:
# prepare and verify test data
$ mkdir -p A/B/C
$ touch A/B/C/boom
$ mkdir ~/DEST
$ cd A/B/C
$ ls ../..
B
# try to copy B to ~/DEST
$ scp -r ../.. karel at localhost:~/DEST
karel at localhost's password:
boom 100% 0 0.0KB/s 00:00
# nothing there though
$ ls ~/DEST/
# B has been stored in ~ instead
$ ls ~
A B DEST
$ find / -name boom 2> /dev/null
/home/karel/A/B/C/boom
/home/karel/B/C/boom
# scp won't be allow to write where it is not permitted though.
# similar scenario with ..
$ cd ~/A/B
$ ls
C
$ scp -r .. karel at localhost:~
karel at localhost's password:
scp: stat remote: No such file or directory
scp: remote setstat "/home": Permission denied
scp: failed to upload directory .. to ~
we can see that scp doesn't resolve .. or ../.. to proper directory
names
With scp -O option the outcome is different:
$ cp -O -r ../.. karel at localhost:~/DEST
scp: error: unexpected filename: ..
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list