On Mon, Aug 03, 2020 at 09:48:30AM +1000, raf <ssh@xxxxxxx> wrote: > On Fri, Jul 31, 2020 at 04:29:13PM -0700, Ethan Rahn <ethan.rahn@xxxxxxxxx> wrote: > > > I wanted to bring this up again due to: > > https://github.com/cpandya2909/CVE-2020-15778/. This showcases a clear > > issue with scp which it sounds like cannot be fixed without breaking scp. > > This seems like it would lend some impetus to doing _something_, even if it > > breaks scp or necessitates using something new. > > > > Cheers, > > Ethan > > Surely, executing the scp -t command without using the > shell would fix this without breaking any legitimate > usage. And it would be much easier and more effective > than sanitising the path. Paths can contain almost any > byte. > > Mind you, it wouldn't stop the legitimate user from > just logging in and performing the same actions manually. > But it would help in cases where users can scp but not ssh > to a host. And another problem is that probably, the ssh server just sees this as a command to run, like any other, and so of course it executes it via the user's shell. Unless it makes some distinction between scp connections and everything else. It probably doesn't. cheers, raf _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
