Bugtraq mailing list archives
Re: rcp file transfer hole (was: scp file transfer hole)
From: "Peter J . Holzer" <hjp () WSR AC AT>
Date: Tue, 3 Oct 2000 15:30:31 +0200
On 2000-10-02 19:06:46 +0200, Jan Niehusmann wrote:
On Mon, Oct 02, 2000 at 01:06:58PM +0200, Markus Friedl wrote:
how should this be fixed in a reasonable way? i don't think questions similar to "do you really want to create /bla/bla/bla? (yes/no)" would be useful.
[...]
3) scp is called with -r and two directories: scp -r remote:/x/y/dir/ /local/dir/
A recursive tree walk can never generate a ".." entry on a Unix-like system. So if you deny access to all files which contain /../ after the /local/dir/ entered by the command line, you should be safe.

        hp

--
   _  | Peter J. Holzer     | Any setuid root program that does an
|_|_) | Sysadmin WSR / LUGA | exec() somewhere is just a less
| |   | hjp () wsr ac at    | user friendly version of su.
__/   | http://www.hjp.at/  |    -- Olaf Kirch on bugtraq 2000-08-07
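The check proposed in the message above, sketched as an added example that is not part of the original post and is not code from scp or rcp. The function names are hypothetical; the example assumes the receiver builds each local name by appending server-supplied components to the directory given on the command line, and it compares whole path components so that a trailing "/.." is also caught.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* True if 'rest' has a path component that is exactly "..".
 * Walking component by component catches "a/.." and "../a", which a
 * plain strstr(rest, "/../") would miss, while "..rc" and "a..b"
 * remain legal file names. */
static bool has_dotdot_component(const char *rest)
{
    const char *p = rest;
    while (*p != '\0') {
        while (*p == '/')               /* skip repeated separators */
            p++;
        size_t len = strcspn(p, "/");   /* length of this component */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return true;
        p += len;
    }
    return false;
}

/* Hypothetical helper: 'base' is the local directory entered on the
 * command line, 'path' is the name about to be created while receiving
 * a recursive copy. Accept only names below 'base' whose remainder
 * never steps upward. */
bool path_allowed(const char *base, const char *path)
{
    size_t blen = strlen(base);
    if (blen == 0)
        return false;
    while (blen > 1 && base[blen - 1] == '/')   /* "/local/dir/" == "/local/dir" */
        blen--;
    if (strncmp(path, base, blen) != 0)
        return false;                   /* does not start with base */
    if (base[blen - 1] != '/' && path[blen] != '/' && path[blen] != '\0')
        return false;                   /* "/local/dirX" is a sibling, not a child */
    return !has_dotdot_component(path + blen);
}
```

The check is purely lexical: it does not look at symbolic links that already exist below the target directory.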
Current thread:
- Re: scp file transfer hole stanislav shalunov (Oct 01)
- rcp file transfer hole (was: scp file transfer hole) Markus Friedl (Oct 02)
- Re: rcp file transfer hole (was: scp file transfer hole) Crist Clark (Oct 02)
- Re: rcp file transfer hole (was: scp file transfer hole) Jan Niehusmann (Oct 02)
- Re: rcp file transfer hole (was: scp file transfer hole) Scott Gifford (Oct 03)
- Re: rcp file transfer hole (was: scp file transfer hole) Peter J . Holzer (Oct 03)
- Re: rcp file transfer hole (was: scp file transfer hole) stanislav shalunov (Oct 03)
- <Possible follow-ups>
- Re: scp file transfer hole Craig Ruefenacht (Oct 02)
- rcp file transfer hole (was: scp file transfer hole) Markus Friedl (Oct 02)