file name handling "bug" in scp?

Evaldo Gardenali evaldo at gardenali.biz
Tue Jul 26 12:33:07 EST 2005


Hi

My point is... shouldn't scp prevent expansion in the remote side?
This allows users of sites that prevent them from logging in via ssh or 
running remote commands to abuse scp and actually run what they wanted.

Some people allow you to use scp/sftp to do file transfer, but not to 
run vanity commands on their servers. This happens a lot in companies I 
know.

Thanks for looking at it

Evaldo


Darren Tucker wrote:
> Evaldo Gardenali wrote:
>> I think I found a small filename handling issue in scp:
>>
>> evaldo at winston:~$ scp evaldo at 127.0.0.1:test-\`whoami\`-test .
>> Password:
>> scp: test-evaldo-test: No such file or directory
>> evaldo at winston:~$ scp evaldo at 127.0.0.1:test-\`echo\ foo\`-test .
>> Password:
>> scp: test-foo-test: No such file or directory
>> evaldo at winston:~$
> 
> I don't follow, what did you expect?  Do the files "test-evaldo-test" 
> and "test-foo-test" exist?
> 
> It behaves consistly with what I'd expect (remember: the shell expansion 
> occurs twice: once by the client's shell and once by the server's).
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3965 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20050725/4566f418/attachment.bin 


More information about the openssh-unix-dev mailing list