scp -t . - possible idea for additional parameter

Larry Becke guyverdh at hotmail.com
Wed Oct 3 17:46:06 EST 2007


One of the minor issues we face as we tackle security issues is the idea that scp allows someone to navigate directory structures that aren't restricted to the user that is logging in.
 
If we were to implement a switch that a) forced pathing to be relative to the startup directory parameter, and b) either filtered the client side scp command parameters to ensure that it remained relative, or errored out if "../" were used as part of the destination path parameter.
 
How this is implemented is by tying keys to specific directories, so when you 
 
scp -i xyz_key filename.ext remhost:
the remote server is configured to do
 
command="/full/path/to/bin/scp -t /some/home/dir" 
 
It would copy the filename.ext file to the /some/home/dir directory on remhost.
 
However, at this time, this does not *lock* the user into that directory.
 
If they were to execute
 
scp -i xyz_key filename.ext remhost:/tmp
 
It would allow the user to copy filename.ext to the /tmp directory on remhost.
 
If we implemented -T to force relative to startup path, then
 
command="/full/path/to/bin/scp -T /some/home/dir"
 
when the user used
 
scp -i xyz_key filename.ext remhost:/tmp
 
it would attempt to copy the file to /some/home/dir/tmp on remhost
 
If /some/home/dir/tmp didn't exist on remhost, it would fail.
 
 
That is what I am looking for, and am hoping would be trivial to implement.
 
This would give a relatively simple way to control where a user went, and if configured as a startup parameter in sshd_config, could force *all* scp connections to be relative.
 
 
 
> Date: Tue, 2 Oct 2007 18:39:20 -0600> To: guyverdh at hotmail.com> CC: openssh-unix-dev at mindrot.org> Subject: Re: scp -t . - possible idea for additional parameter> From: bob at proulx.com> > Larry Becke wrote:> > By locking, I mean translating /path/to/file as ./path/to/file, or> > ../../../path/../../../path/to/file as ./path/to/file.> > > > Basically set a root point as the current home directory, then build> > the pathing based on that, any "../" would become "./" if the "../"> > would go above that home directory.> > Not sure this is what you want but look into the 'rsync --relative'> option.> > http://rsync.samba.org/> http://rsync.samba.org/ftp/rsync/rsync.html> > Bob
_________________________________________________________________
Help yourself to FREE treats served up daily at the Messenger Café. Stop by today.
http://www.cafemessenger.com/info/info_sweetstuff2.html?ocid=TXT_TAGLM_OctWLtagline


More information about the openssh-unix-dev mailing list