Bugtraq mailing list archives

Re: rcp file transfer hole (was: scp file transfer hole)


From: "Peter J . Holzer" <hjp () WSR AC AT>
Date: Tue, 3 Oct 2000 15:30:31 +0200

On 2000-10-02 19:06:46 +0200, Jan Niehusmann wrote:
> On Mon, Oct 02, 2000 at 01:06:58PM +0200, Markus Friedl wrote:
>> how should this be fixed in a reasonable way?  i don't think questions
>> similar to "do you really want to create /bla/bla/bla? (yes/no)" would
>> be useful.

[...]
> 3) scp is called with -r and two directories:
> scp -r remote:/x/y/dir/ /local/dir/

A recursive tree walk can never generate a ".." entry on a Unix-like
system. So if you deny access to all files which contain /../ after the
/local/dir/ entered by the command line, you should be safe.

        hp


--
   _  | Peter J. Holzer      | Any setuid root program that does an
|_|_) | Sysadmin WSR / LUGA  | exec() somewhere is just a less
| |   | hjp () wsr ac at        | user friendly version of su.
__/   | http://www.hjp.at/   |    -- Olaf Kirch on bugtraq 2000-08-07
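
The check proposed in the message above, sketched as an added example (not code from this post or from scp). The function name `path_stays_under` and the sample paths are assumptions; the sketch goes slightly beyond the message by also rejecting a trailing ".." component and paths that do not start with the target directory.

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 if `path` starts with `base` and the part after `base` has no
 * ".." component, 0 otherwise. Purely lexical, no filesystem access. */
int path_stays_under(const char *base, const char *path)
{
    size_t blen = strlen(base);

    /* Ignore trailing slashes: "/local/dir/" is treated as "/local/dir". */
    while (blen > 0 && base[blen - 1] == '/')
        blen--;

    /* The base must be followed by '/' or by the end of the path. */
    if (strncmp(path, base, blen) != 0)
        return 0;
    const char *p = path + blen;
    if (*p != '\0' && *p != '/')
        return 0;               /* e.g. "/local/dirty" is not under base */

    /* Walk the remaining components one at a time. */
    while (*p != '\0') {
        while (*p == '/')
            p++;
        size_t n = strcspn(p, "/");
        if (n == 2 && p[0] == '.' && p[1] == '.')
            return 0;           /* a ".." entry: never from a tree walk */
        p += n;
    }
    return 1;
}

int main(void)
{
    /* Constructed sample paths, as a client would build them from the
     * names received during a recursive copy into /local/dir/. */
    const char *samples[] = {
        "/local/dir/sub/file.txt",
        "/local/dir/../../etc/passwd",
        "/local/dir/sub/..",
        "/local/dir/..hidden/file",
        "/local/dirty/file",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-30s %s\n", samples[i],
               path_stays_under("/local/dir/", samples[i]) ? "accept" : "reject");
    return 0;
}
```

The check only looks at the path string; it does not resolve symbolic links that already exist below the target directory.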
