scp remote path specification

Pekka Savola pekkas at netcore.fi
Tue Dec 19 02:59:48 EST 2000


On Mon, 18 Dec 2000, Markus Friedl wrote:

> On Mon, Dec 18, 2000 at 05:02:24PM +0200, Pekka Savola wrote:
> > If I'm not mistaken, with this you can force the remote server to execute
> > a trojaned ssh, if you run e.g. '/tmp/scp user at remote:xxx .' and have
> > managed to create /tmp/ssh on the remote system.
>
> what's the point?
>
> you can call
> 	$ ssh remote /tmp/ssh
> in any case.

Oh, the user context has already been changed at this point.  How
unthoughtful of me. :-)

-- 
Pekka Savola                    "Tell me of difficulties surmounted,
Netcore Oy                      not those you stumble over and fall"
Systems. Networks. Security.     -- Robert Jordan: A Crown of Swords






More information about the openssh-unix-dev mailing list