|
Bugtraq
mailing list archives
Re: rcp file transfer hole (was: scp file transfer hole)
From: Scott Gifford <sgifford () TIR COM>
Date: Tue, 3 Oct 2000 03:57:02 -0400
Jan Niehusmann <jan () GONDOR COM> writes:
On Mon, Oct 02, 2000 at 01:06:58PM +0200, Markus Friedl wrote:
how should this be fixed in a reasonable way? i don't think questions
similar to "do you really want to create /bla/bla/bla? (yes/no)" would
be useful.
scp could parse the arguments locally. I can only see three cases:
1) scp is called with two file arguments:
scp remote:/x/y/file /local/file
in this case, scp should deny any access to files other than /local/file
2) scp is called with one file and one directory:
scp remote:/x/y/file /local/dir/
in this case, scp should only allow writes to /local/dir/file, and especially
not to files in subdirectories of /local/dir/.
3) scp is called with -r and two directories:
scp -r remote:/x/y/dir/ /local/dir/
in this case, scp has to allow writes to /local/dir/* and subdirectories,
but the user should expect that, so its probably ok.
There is one more case:
4) scp is called with multiple files or a pattern, and one directory
scp remote:/x/y/\*.c /local/dir/
scp remote1:/x/y/file1 remote2:/x/y/file2 /local/dir/
in this case, scp should allow writes to /local/dir/*, but not to
subdirectories.
I think that this is by far the best solution I've seen proposed to
this; it solves the problem silently, remaining completely invisible
to users and scripts.
----ScottG.
(I said scp, rcp is the same, of course)
Jan
 By Date 
By Thread
Current thread:
|
Intro
