scp -t . - possible idea for additional parameter
Jefferson Ogata
Jefferson.Ogata at noaa.gov
Fri Oct 12 04:47:13 EST 2007
On 2007-10-11 18:01, Larry Becke wrote:
> Look, I'm tired of arguing my reasons. Let's just agree to disagree on my reasoning.
That agreement is implicit. :^)
> Answer the question.
> Can this be done?
Theoretically. See my previous message.
> Is it so terribly hard to add the feature?
It's not easy. See my previous message, and do a little research on path
canonicalization and past directory traversal vulnerabilities in, e.g.
IIS and Apache, to understand this better.
> Will it hurt anything to add the feature?
If it isn't done 100% correctly, yes. See my previous message.
> I'd be happy to discuss offline the reasoning behind my request.
> It's valid, and if you'd bother to keep an open mind, you might actually understand where I'm coming from.
I think we're way ahead of where you're coming from, which is why I
asked, "Have you tried WebDAV over SSL?"
--
Jefferson Ogata <Jefferson.Ogata at noaa.gov>
NOAA Computer Incident Response Team (N-CIRT) <ncirt at noaa.gov>
"Never try to retrieve anything from a bear."--National Park Service
More information about the openssh-unix-dev
mailing list