file name handling "bug" in scp?
Evaldo Gardenali
evaldo at gardenali.biz
Tue Jul 26 12:33:07 EST 2005
Hi
My point is... shouldn't scp prevent expansion in the remote side?
This allows users of sites that prevent them from logging in via ssh or
running remote commands to abuse scp and actually run what they wanted.
Some people allow you to use scp/sftp to do file transfer, but not to
run vanity commands on their servers. This happens a lot in companies I
know.
Thanks for looking at it
Evaldo
Darren Tucker wrote:
> Evaldo Gardenali wrote:
>> I think I found a small filename handling issue in scp:
>>
>> evaldo at winston:~$ scp evaldo at 127.0.0.1:test-\`whoami\`-test .
>> Password:
>> scp: test-evaldo-test: No such file or directory
>> evaldo at winston:~$ scp evaldo at 127.0.0.1:test-\`echo\ foo\`-test .
>> Password:
>> scp: test-foo-test: No such file or directory
>> evaldo at winston:~$
>
> I don't follow, what did you expect? Do the files "test-evaldo-test"
> and "test-foo-test" exist?
>
> It behaves consistly with what I'd expect (remember: the shell expansion
> occurs twice: once by the client's shell and once by the server's).
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3965 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20050725/4566f418/attachment.bin
More information about the openssh-unix-dev
mailing list