Bugtraq mailing list archives
Re: rcp file transfer hole (was: scp file transfer hole)
From: Jan Niehusmann <jan () GONDOR COM>
Date: Mon, 2 Oct 2000 19:06:46 +0200
On Mon, Oct 02, 2000 at 01:06:58PM +0200, Markus Friedl wrote:
how should this be fixed in a reasonable way? i don't think questions similar to "do you really want to create /bla/bla/bla? (yes/no)" would be useful.
scp could parse the arguments locally. I can only see three cases: 1) scp is called with two file arguments: scp remote:/x/y/file /local/file in this case, scp should deny any access to files other than /local/file 2) scp is called with one file and one directory: scp remote:/x/y/file /local/dir/ in this case, scp should only allow writes to /local/dir/file, and especially not to files in subdirectories of /local/dir/. 3) scp is called with -r and two directories: scp -r remote:/x/y/dir/ /local/dir/ in this case, scp has to allow writes to /local/dir/* and subdirectories, but the user should expect that, so its probably ok. (I said scp, rcp is the same, of course) Jan
Attachment:
_bin
Description:
Current thread:
- Re: scp file transfer hole stanislav shalunov (Oct 01)
- rcp file transfer hole (was: scp file transfer hole) Markus Friedl (Oct 02)
- Re: rcp file transfer hole (was: scp file transfer hole) Crist Clark (Oct 02)
- Re: rcp file transfer hole (was: scp file transfer hole) Jan Niehusmann (Oct 02)
- Re: rcp file transfer hole (was: scp file transfer hole) Scott Gifford (Oct 03)
- Re: rcp file transfer hole (was: scp file transfer hole) Peter J . Holzer (Oct 03)
- Re: rcp file transfer hole (was: scp file transfer hole) stanislav shalunov (Oct 03)
- <Possible follow-ups>
- Re: scp file transfer hole Craig Ruefenacht (Oct 02)
- rcp file transfer hole (was: scp file transfer hole) Markus Friedl (Oct 02)