ownership permissions on files replaced via scp -- bug or feature?

Jeffrey Layton Jeff.Layton at bellhowell.com
Tue Jan 7 03:52:57 EST 2003


I've noticed the following behavior on files that are overwritten with
an scp command and I can't decide if this is intended behavior or a bug?
Can someone with a little more insight please share the reasoning for
this (if any)? I've tested this with a mix of 3.4p1 and 3.5p1 hosts.

Suppose we have 2 files on different hosts, with different group
ownership and permissions. user1 is not a member of either group foo or
group bar:

user at host1:/tmp% ls -l /tmp/testfile
-rw-r--r--    1 user1  foo         5 Jan  6 11:14 /tmp/testfile

user at host2:~% ls -l /tmp/testfile
-rw-rw-r--    1 user1  bar         6 Jan  6 11:37 /tmp/testfile

If I then scp this file from host1 to host2: 

laytonj at host1:/tmp% scp testfile host2:/tmp

The contents of testfile on host2 are overwritten, but permissions and
ownership are preserved.

user at host2:~% ls -l /tmp/testfile
-rw-rw-r--    1 user1  bar         5 Jan  6 11:39 /tmp/testfile

The same rule applies as long as the user has write permission to the
file. sshd seems to preserve permissions on any file that is replaced,
whether the user making the copy is a member of that group or not.

It seems to me that the permissions should be set as if the user were
creating a new file here unless for instance, the -p flag is used, and
the user is capable of setting permissions on the resulting file to
match the source file.

Is this also potentially a security hole? A malicious user with the
ability to write to a file might be able to upload a trojaned binary
here or some such mischief.

-- 
Jeffrey Layton <Jeff.Layton at bellhowell.com>
Bell & Howell MMT
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20030106/4b29e38c/attachment.bin 


More information about the openssh-unix-dev mailing list