Transferring file to local machine when SSHing into a foreign box

Dotan Cohen dotancohen at gmail.com
Sun May 13 20:41:31 EST 2012


On Sun, May 13, 2012 at 1:06 PM, Ángel González <keisial at gmail.com> wrote:
> If a command such as the proposed cp2local is able to write arbitrary
> files in the local end*, it allows such compromise.
>

I understand that you feel that allowing the remote server to write
(not execute) arbitrary files to the local machine is a security risk.
I also assume that you do not feel that scp being able to write
arbitrary files to the local machine is not a security risk because it
requires the explicit typing of a username and password, or better yet
of a keypair. Please confirm or deny if my assumption is correct.

I counter that the proposed cp2Local is no more of a security risk
than scp because it _also_ requires the use of a username/password or
keypair to explicitly express intent (establishing the initial SSH
connection). Assuming the worst-case scenario that this feature is
enabled and the user SSHes into a compromised box, the user will be
only downloading unwanted, malicious files to his local machine, he
will not be executing them automatically. This is no different than
visiting a webpage. In fact, this is safer: web browsers _can_ run
arbitrary code in the form of Javascript.

You could argue that the web browser downloads to a cache, whereas
cpLocal would download to $HOME. Therefore have it download to a
different directory; Free Desktop has conventions for this, see this
Stack Overflow discussion:
http://unix.stackexchange.com/a/15238/9760

In short, I recognise the problem of allowing the remote machine
access to write to your local machine. However, this has been a
problem with many other technologies (www, email, ftp, etc.) and it is
a solved issue in the general sense. That is, best practices and
damage-mitigation strategies have already been established.

-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com