file name handling "bug" in scp?

Evaldo Gardenali evaldo at
Tue Jul 26 12:33:07 EST 2005


My point is... shouldn't scp prevent expansion in the remote side?
This allows users of sites that prevent them from logging in via ssh or 
running remote commands to abuse scp and actually run what they wanted.

Some people allow you to use scp/sftp to do file transfer, but not to 
run vanity commands on their servers. This happens a lot in companies I 

Thanks for looking at it


Darren Tucker wrote:
> Evaldo Gardenali wrote:
>> I think I found a small filename handling issue in scp:
>> evaldo at winston:~$ scp evaldo at\`whoami\`-test .
>> Password:
>> scp: test-evaldo-test: No such file or directory
>> evaldo at winston:~$ scp evaldo at\`echo\ foo\`-test .
>> Password:
>> scp: test-foo-test: No such file or directory
>> evaldo at winston:~$
> I don't follow, what did you expect?  Do the files "test-evaldo-test" 
> and "test-foo-test" exist?
> It behaves consistly with what I'd expect (remember: the shell expansion 
> occurs twice: once by the client's shell and once by the server's).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3965 bytes
Desc: S/MIME Cryptographic Signature
Url : 

More information about the openssh-unix-dev mailing list