Deprecation of scp protocol and improving sftp client

Blumenthal, Uri - 0553 - MITLL uri at ll.mit.edu
Sat Aug 1 10:17:36 AEST 2020 

Why can the local and remote paths be sanitized?

Regards,
Uri

> On Jul 31, 2020, at 19:57, Ethan Rahn <ethan.rahn at gmail.com> wrote:
> 
> I wanted to bring this up again due to:
> https://github.com/cpandya2909/CVE-2020-15778/. This showcases a clear
> issue with scp which it sounds like cannot be fixed without breaking scp.
> This seems like it would lend some impetus to doing _something_, even if it
> breaks scp or necessitates using something new.
> 
> Cheers,
> 
> Ethan
> 
>> On Wed, Jul 15, 2020 at 7:47 AM Thorsten Glaser <t.glaser at tarent.de> wrote:
>> 
>>> On Wed, 15 Jul 2020, Red Cricket wrote:
>>> 
>>> I have had this in my .bashrc for years:
>>> 
>>> alias scp='rsync -avzP'
>> 
>> Similar, though I named it rcp because nobody has the real rcp installed
>> any more, but sometimes I need scp to connect to systems that lack rsync.
>> 
>> 
>> https://evolvis.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=shellsnippets/shellsnippets.git;a=blob;f=mksh/rcp;hb=HEAD
>> 
>>> maybe rsync is a better replacement for scp than sftp would be?
>> 
>> It could be, were it not under a restrictive licence…
>> 
>> 
>> This doesn’t preclude people from making SSH’s builtin transfers
>> better, though.
>> 
>> bye,
>> //mirabilos
>> --
>> «MyISAM tables -will- get corrupted eventually. This is a fact of life. »
>> “mysql is about as much database as ms access” – “MSSQL at least descends
>> from a database” “it's a rebranded SyBase” “MySQL however was born from a
>> flatfile and went downhill from there” – “at least jetDB doesn’t claim to
>> be a database”  (#nosec)    ‣‣‣ Please let MySQL and MariaDB finally die!
>> _______________________________________________
>> openssh-unix-dev mailing list
>> openssh-unix-dev at mindrot.org
>> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>> 
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5874 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20200801/909fe3e7/attachment.p7s>

More information about the openssh-unix-dev mailing list