On 11/5/20 7:49 PM, Michael Hennebry wrote:
On Wed, 4 Nov 2020, George N. White III wrote:
On Wed, 4 Nov 2020 at 11:39, Michael Hennebry <
hennebry@xxxxxxxxxxxxxxxxxxxxx> wrote:
In this particular case, I'd think the client
could tell that a .BAT file was not a .c file.
Downloading 1000's of files resulting from some HPC calculation
it would be easy to overlook an unwanted file.
To be clear, I'd meant the client could to it automatically.
To be clear, the scp client does finename matching already by default.
But if there is a recursive download (or a regex matching the malicious
file), this might not help either.
Not even using sftp, if the file is sneaked inside of the downloaded
directory. But breaking scp protocol to do that is a matter of inserting
one command, while SFTP requires significantly more work and the
downloads can be properly audited (unlike scp, which is just a command
on the server).
Regards,
--
Jakub Jelen
Senior Software Engineer
Crypto Team, Security Engineering
Red Hat, Inc.
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
