I hear you - but it seems that the choice is between (a) limiting "scp" functionality to address the security vulnerability, and (b) killing "scp" altogether.
I'd much prefer (a), even if it means I lose "scp remotehost:foo\* .".
Especially, since (almost always) I have equal privileges on both local and remote hosts, so in that case I just originate that "scp" from that remote. ;-)
TNX
On 8/3/20, 11:09, "Thorsten Glaser" <t.glaser@xxxxxxxxx> wrote:
On Mon, 3 Aug 2020, Blumenthal, Uri - 0553 - MITLL wrote:
> I conjecture that only few of the existing use cases rely on remote expansion.
No, this is used all the time.
scp remotehost:foo\* .
(Unless rsync is available, but sadly that’s ⓐ GPLv3 and ⓑ not
universally installed.)
bye,
//mirabilos
--
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
