Re: scp exploit

On 2006-02-17, Jesse Charbneau <groups@xxxxxxxxxxxxxxxxx> wrote:
> Ok, so. Let me wrap my head around this. If a user tries to copy a
> local file using scp (isn't that what we use cp for),

Or local -> remote.

> another user could boobytrap, say /tmp. The user copying some
> directory out of tmp, or series of files from /tmp will then risk the
> possibility of accidentally executing something in that directory, due to
> metacharacters being embedded in the filename.
>
> This begs a couple of questions.
>
> First, who would be using scp for local file copying, and why?

See above.

> Second, I have seen something on the web about "scponly", is this a
> decent replacement for scp? I also saw lots of security bulletins.

Those restricted shells should prevent passing of shell metacharacters
to remote processes, which is a very similar but unrelated issue.

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
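
An added example, not part of the original thread and not OpenSSH code: a shell check for the situation discussed above, where file names in a shared directory such as /tmp carry shell metacharacters. The function names and the chosen metacharacter set are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a directory for names a shell would re-interpret,
# and copy files without ever re-parsing their names as shell text.

# has_shell_meta NAME -> status 0 if NAME contains a character that is
# special to a shell when the name is pasted unquoted into a command string.
has_shell_meta() {
    case $1 in
        *\;*|*\&*|*\|*|*\<*|*\>*) return 0 ;;   # separators, redirection
        *\`*|*\$*|*\(*|*\)*)      return 0 ;;   # substitution, subshells
        *\**|*\?*|*\[*)           return 0 ;;   # globbing
        *\'*|*\"*|*\\*)           return 0 ;;   # quoting
        *[[:space:]]*)            return 0 ;;   # word splitting
    esac
    return 1
}

# audit_dir DIR -> prints "RISKY: name" for each flagged entry (hidden
# entries included); status 1 if anything was flagged, 0 otherwise.
audit_dir() {
    found=0
    for f in "$1"/* "$1"/.[!.]*; do
        # Skip glob patterns that matched nothing.
        [ -e "$f" ] || [ -L "$f" ] || continue
        name=${f##*/}
        if has_shell_meta "$name"; then
            printf 'RISKY: %s\n' "$name"
            found=1
        fi
    done
    return "$found"
}

# safe_copy SRC DESTDIR -> the name travels as a single quoted argument,
# so its metacharacters are never parsed as shell syntax; "--" ends
# option parsing for cp.
safe_copy() {
    cp -- "$1" "$2"/
}
```

Run `audit_dir /tmp` before copying out of a directory other users can write to; a flagged name is still handled correctly by `safe_copy`, because the risk arises only when a name is spliced into a command string that a shell parses again.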
