scp -t . - possible idea for additional parameter
Jefferson Ogata
Jefferson.Ogata at noaa.gov
Fri Oct 12 08:31:47 EST 2007
Larry Becke wrote:
> On 2007-10-11 18:01, Larry Becke wrote:>> Can this be done? >Theoretically. See my previous message.I must have missed it.
>> Is it so terribly hard to add the feature?>It's not easy. See my previous message, and do a little research on path>canonicalization and past directory traversal vulnerabilities in, e.g.>IIS and Apache, to understand this better.
>
> To throw an error and exit if "../" is in the remote path parameter?
> To add a "./" between hostname: and /path/to/dir in the remote path parameter?
Doing those things is trivial. What's not trivial is demonstrating that
doing those things accomplishes what you want on every platform where
openssh runs. And given that you're ignoring symlinks, let alone
potential Unicode issues, you're not demonstrating even a moderate level
of diligence in coming up with a reliable solution to your problem.
If you do attempt to solve the problem properly, it becomes more
difficult. Take a look at this, for example:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4131
> Just asking, as I know how to do this in the languages that I use.
> Unfortunately, I'm not a c/c++ developer myself, otherwise I would have just made a patch for it and submitted it for review. This is tempting me to break down and start learning c/c++.
That's a good idea. :^)
>>> Will it hurt anything to add the feature?>If it isn't done 100% correctly, yes. See my previous message.If it only effects users who use the -T parameter, instead of the -t parameter, neither of which are documented?
>>> I'd be happy to discuss offline the reasoning behind my request.>> It's valid, and if you'd bother to keep an open mind, you might actually understand \>> where I'm coming from.>I think we're way ahead of where you're coming from, which is why I>asked, "Have you tried WebDAV over SSL?"
>
> Really, and I can use that as simply in a shell script as
> scp filename -i xfer_key user at remhost:
No, but you can configure it to do what you want reliably, and a stray
symlink won't break your authorization policy.
> Or do I have to use some convoluted strings and other commands as well as configure additional keys, keystores, ssl etc?
> This would be on systems with no web servers, no application servers.
Yes, you would have to configure SSL. That's good exercise, if it's
something you don't feel comfortable doing. cadaver is a decent
command-line DAV client with FTP-like syntax.
> I'll look into it, however, the servers essentially have ssh/scp/sftp (and the requisite openssl, etc) for services, nothing else.
Presumably there's another service of some kind on the system, since you
would have people copy files to it in a way that prevents file sharing
between users, and I doubt it's supposed to be a black hole.
--
Jefferson Ogata <Jefferson.Ogata at noaa.gov>
NOAA Computer Incident Response Team (N-CIRT) <ncirt at noaa.gov>
"Never try to retrieve anything from a bear."--National Park Service
More information about the openssh-unix-dev
mailing list