Strange sftp input parameter handling, user assisted code execution?

Bob Proulx bob at proulx.com
Wed Jun 18 06:04:06 EST 2008


Roman Fiedler wrote:
> sftp> get !xxxx
> /bin/bash: xxxx: command not found
> Shell exited with status 127

To me that seems fairly normal in that it does what I would expect it
to do based upon traditional practice and without reading any
documentation on it.  The ! is a shell escape.  The xxxx is being
executed on the local client side of the connection.  On the local
machine xxxx is executed but doesn't exist and therefore returns an
error.

The manual for sftp says:

     get [-P] remote-path [local-path]
             ...
             remote-path may contain glob(3) characters and may match
             multiple files.

     ! command
             Execute command in local shell.

     !       Escape to local shell.

But I think the documentation might be improved in this area.  It
appears to be scanning the line for shell escapes prior to command
processing.

Try this:

  sftp> get "!xxxx"

Bob


More information about the openssh-unix-dev mailing list