scp -t - revisited.....
Peter Stuge
stuge-openssh-unix-dev at cdy.org
Sat Dec 8 06:41:01 EST 2007
Hi again Larry,
On Fri, Dec 07, 2007 at 10:58:12AM -0600, Larry Becke wrote:
> If this were to be put to use in some kind of publicly accessible
> location, I wouldn't even consider this a fix for our problem. I
> do not believe in security through obscurity.
Oh I don't think this qualifies. It's not like you're hiding
anything.
> Now, where this comes into play is when we are dealing with sister
> companies, trusted trading partners, etc... There's already a
> certain level of trust involved, and we're looking for something to
> prevent accidental file relocation.
Then I would be satisfied with this method.
> I understand that carefully tweaked data flow sent to the scp
> server side could cause data to be written to a location other than
> what's specified by the key. I have no questions that that could
> happen.
Cool.
> Now the one thing that I would ask, is this, could a crafted scp
> connection (even when forced to run scp -t ) cause a file to be
> pulled down to the client?
I don't think so, no.
//Peter
More information about the openssh-unix-dev
mailing list