Re: scp exploit



Thanks for the responses!

Ok, so. let me wrap my head around this. If a user tries to copy a
local file using scp (isn't that what we use cp for), then
another user could boobytrap, say /tmp. The user copying some
directory out of tmp, or series of files from /tmp will then risk the
possibily of accidentally executing something in that directory, due to
metacharaters being embedded in the filename.

This begs a couple of questions.

First, who would using scp for local file copying, and why?

Second, I have seen something on the web about "scponly", is this a
decent replacement for scp? I also saw lots of security bulletins.

Also, I am familiar with meta characters, but would like to read up
more on them after this discussion, any good links you can point me to?
I'll google it, but maybe you guys have some good articles stored
away.

Thanks for the information, very enlightening.

Jess

.