[PATCH] add sftp-server option to force temp files

Demi Marie Obenour demiobenour at gmail.com
Mon Feb 21 06:53:25 AEDT 2022


On 2/20/22 13:30, Nico Kadel-Garcia wrote:
> On Sun, Feb 20, 2022 at 11:08 AM Nathan Wagner <nw at hydaspes.if.org> wrote:
>>
>> The following patch will add a -T option to sftp-server.c that forces
>> use of a temp file for uploads to the server.  It takes an argument that
>> has 'XXXXXX' added to the end and used as a template string for
>> mkstemp(3).
> 
> Wouldn't rsync over SSH be better for this sort of feature
> aggregation? The potential chroot caged setups for sftp may have their
> uses, but the more complex you make this sort of behavior, the more
> vulnerable you become to alarming failures such as leaving behind
> temporary file debris as the artifact of a failed transfer, especially
> in edge cases like transferring large files and the transmission being
> interrupted or running out of disk space.

On Linux, one can use O_TMPFILE to ensure that the file is created
atomically.  That isn’t portable, though.
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xB288B55FFF9C22C1.asc
Type: application/pgp-keys
Size: 4885 bytes
Desc: OpenPGP public key
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20220220/a0597432/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20220220/a0597432/attachment-0001.asc>


More information about the openssh-unix-dev mailing list