Re: Filter files received on scp server


 



I am hoping to filter on that file name so I can reject certain files
(ideally, configurable file patterns). Suppose I wish for all files named
"kitten.txt" to be rejected, I would simply compare the incoming file name
to that and, if a match, end the transfer and session.

Look at the okname() function in scp.c.

You'd have to think about how to implement this so you can:

1) Not expose yourself to unnecessarily risky code and functionality.
2) Provide for a (scalable) way to configure the list of "blacklisted"
filenames so that it doesn't require undue -HUP (or worse, recompilation) of
the SSH services.
3) Resist the temptation to use risky libraries to expand the flexibility of
your "blacklisting" specifications, i.e., PCRE & friends.

Well, I'd suggest to just pass that decision making to an external process.

I.e., at the place doing an fopen() do a popen() instead (or fork()/exec() if not using stdio there), passing the filename in as an argument.

The called executable can then read data from STDIN, and can at any time (parsing the filename, the first few magic bytes, or the whole content) do an exit(1), signifying that the data was inappropriate.


Precedent case is the "AuthorizedKeysCommand".
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
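
The external-filter idea from the message above, as an added example that is not OpenSSH code and not from the thread's authors. It takes the fork()/exec() route rather than popen(), because popen() hands its command string to /bin/sh and the file name comes from the remote peer. The helper name `filter_accepts` and the calling convention (`filter <name>`, data on stdin, exit 0 means accept) are assumptions.

```c
#include <signal.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * Hypothetical helper, not an OpenSSH function. Runs "filter name" with
 * buf on its stdin. Returns 0 if the filter exits 0 (accept), -1 on any
 * other outcome. The name is passed as one argv element, never via a shell.
 */
int
filter_accepts(const char *filter, const char *name, const char *buf, size_t len)
{
	int p[2], status;
	pid_t pid;
	void (*old)(int);

	if (pipe(p) == -1)
		return -1;
	if ((pid = fork()) == -1) {
		close(p[0]); close(p[1]);
		return -1;
	}
	if (pid == 0) {
		char *argv[] = { (char *)filter, (char *)name, NULL };
		dup2(p[0], STDIN_FILENO);
		close(p[0]);
		close(p[1]);
		execv(filter, argv);
		_exit(127);		/* exec failed: fail closed (reject) */
	}
	close(p[0]);
	old = signal(SIGPIPE, SIG_IGN);	/* filter may exit before reading all */
	while (len > 0) {
		ssize_t n = write(p[1], buf, len);
		if (n <= 0)
			break;		/* e.g. EPIPE: filter already decided */
		buf += n;
		len -= n;
	}
	close(p[1]);			/* EOF tells the filter the data ended */
	signal(SIGPIPE, old);
	if (waitpid(pid, &status, 0) == -1)
		return -1;
	return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}
```

A missing filter binary, a crash, or any non-zero exit all count as a rejection, so a broken filter blocks transfers instead of silently allowing them.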


