recursive operations in sftp
Damien Miller
djm at mindrot.org
Tue Dec 7 14:29:03 EST 2004
Andrew Mortensen wrote:
> Is there anyone actively working on adding recursive operations to
> sftp?
I'm not actively working on it, but I would really like to have it :)
> If there are people working quietly on recursive op patches, I'd like
> to hear from you. I've been putting some things together for a patch,
> and it would be best if we can avoid duplication of effort. I'd also
> like to hear from the maintainers regarding what they would deem
> acceptable as a patch that adds recursive operations. In past
> discussions, fts has been recommended. I've written put -r code using
> fts. It's straightforward, as suggested by Ben Lidstrom in the comments
> for bug 520, but as far as I know, no work has been done on making fts
> capable of dealing with remote operations.
Please send this to the list, or attach it to bugzilla. I don't think
that we need to wait to have both get -r and put -r implemented before
adding support for one of them.
> Are recursive operations based on a modified form of fts the only sort
> of patch acceptable? I've got a patch for recursive rm, too, but it
> uses recursion to accomplish its task.
Yeah, I'm quite wary of recursion to accomplish this - an attacker could
mount a DoS against you by building a deep hierarchy. rm is also
problematic because of race conditions in the protocol - it lacks a
"moral equivalent" of O_NOFOLLOW.
A modified fts() seems to be a fairly easy way to do this iteratively,
but I'm certainly happy to hear other approaches.
-d
More information about the openssh-unix-dev
mailing list