Re: Is sshd supposed to interpret "{a,b}" brace expansions?

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 

Jakub Jelen writes:

 > from what I understand, the brace expansion is not expanded in the
 > remote scp nor sshd, but in the remote shell (the remote command is
 > run inside of bash -c "command").

yes, you are right of course. Thank you for pointing that out.


Damien Miller writes:

 >> the proposed fix for CVE-2019-6111 [1] adds file name validation to
 >> scp [...]
 >
 > That's _a_ proposed fix, but not the one we used.
 >
 > Ours is: https://anongit.mindrot.org/openssh.git/patch/?id=391ffc4b9

I see. Thank you very much for the pointer.

Best regards
Peter

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux