Bugtraq mailing list archives
Re: rcp file transfer hole (was: scp file transfer hole)
From: Scott Gifford <sgifford () TIR COM>
Date: Tue, 3 Oct 2000 03:57:02 -0400
Jan Niehusmann <jan () GONDOR COM> writes:
> On Mon, Oct 02, 2000 at 01:06:58PM +0200, Markus Friedl wrote:
> > how should this be fixed in a reasonable way? i don't think questions
> > similar to "do you really want to create /bla/bla/bla? (yes/no)" would
> > be useful.
>
> scp could parse the arguments locally. I can only see three cases:
>
> 1) scp is called with two file arguments:
>    scp remote:/x/y/file /local/file
>    in this case, scp should deny any access to files other than /local/file
>
> 2) scp is called with one file and one directory:
>    scp remote:/x/y/file /local/dir/
>    in this case, scp should only allow writes to /local/dir/file, and
>    especially not to files in subdirectories of /local/dir/.
>
> 3) scp is called with -r and two directories:
>    scp -r remote:/x/y/dir/ /local/dir/
>    in this case, scp has to allow writes to /local/dir/* and subdirectories,
>    but the user should expect that, so it's probably ok.

There is one more case:

4) scp is called with multiple files or a pattern, and one directory
   scp remote:/x/y/\*.c /local/dir/
   scp remote1:/x/y/file1 remote2:/x/y/file2 /local/dir/
   in this case, scp should allow writes to /local/dir/*, but not to
   subdirectories.

I think that this is by far the best solution I've seen proposed to this; it solves the problem silently, remaining completely invisible to users and scripts.

----ScottG.

> (I said scp, rcp is the same, of course)
>
> Jan