Re: rcp file transfer hole (was: scp file transfer hole)

[Scott Gifford <sgifford () TIR COM>]

Jan Niehusmann <jan () GONDOR COM> writes:

> On Mon, Oct 02, 2000 at 01:06:58PM +0200, Markus Friedl wrote:
> > how should this be fixed in a reasonable way?  i don't think questions
> > similar to "do you really want to create /bla/bla/bla? (yes/no)" would
> > be useful.
>
> scp could parse the arguments locally. I can only see three cases:
>
> 1) scp is called with two file arguments:
> scp remote:/x/y/file /local/file
>
> in this case, scp should deny any access to files other than /local/file
>
> 2) scp is called with one file and one directory:
> scp remote:/x/y/file /local/dir/
>
> in this case, scp should only allow writes to /local/dir/file, and especially
> not to files in subdirectories of /local/dir/.
>
> 3) scp is called with -r and two directories:
> scp -r remote:/x/y/dir/ /local/dir/
>
> in this case, scp has to allow writes to /local/dir/* and subdirectories,
> but the user should expect that, so its probably ok.

There is one more case:

  4) scp is called with multiple files or a pattern, and one directory
  scp remote:/x/y/\*.c /local/dir/
  scp remote1:/x/y/file1 remote2:/x/y/file2 /local/dir/

  in this case, scp should allow writes to /local/dir/*, but not to
  subdirectories.

I think that this is by far the best solution I've seen proposed to
this; it solves the problem silently, remaining completely invisible
to users and scripts.

----ScottG.

> (I said scp, rcp is the same, of course)
>
> Jan