[17030] in bugtraq
Re: rcp file transfer hole (was: scp file transfer hole)
daemon@ATHENA.MIT.EDU (Peter J . Holzer)
Tue Oct 3 15:08:17 2000
Mail-Followup-To: BUGTRAQ@SECURITYFOCUS.COM
Message-Id: <20001003153031.G32582@wsr.ac.at>
Date: Tue, 3 Oct 2000 15:30:31 +0200
Reply-To: "Peter J . Holzer" <hjp@WSR.AC.AT>
From: "Peter J . Holzer" <hjp@WSR.AC.AT>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20001002190646.A17974@gondor.com>; from Jan Niehusmann on Mon, Oct 02, 2000 at 07:06:46PM +0200
On 2000-10-02 19:06:46 +0200, Jan Niehusmann wrote:
> On Mon, Oct 02, 2000 at 01:06:58PM +0200, Markus Friedl wrote:
> > how should this be fixed in a reasonable way? i don't think questions
> > similar to "do you really want to create /bla/bla/bla? (yes/no)" would
> > be useful.
>
[...]
> 3) scp is called with -r and two directories:
> scp -r remote:/x/y/dir/ /local/dir/
A recursive tree walk can never generate a ".." entry on a Unix-like
system. So if you deny access to all files which contain /../ after the
/local/dir/ entered by the command line, you should be safe.
hp
--
_ | Peter J. Holzer | Any setuid root program that does an
|_|_) | Sysadmin WSR / LUGA | exec() somewhere is just a less
| | | hjp@wsr.ac.at | user friendly version of su.
__/ | http://www.hjp.at/ | -- Olaf Kirch on bugtraq 2000-08-07
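The check proposed above, written out as an added illustration (this is not code from the post, nor from any scp implementation): a name announced by the remote side of an `scp -r` transfer is only accepted if it is relative, contains no ".." component, and still resolves underneath the local target directory after normalisation. The function and helper names are my own, and the list of announced names is constructed for the demonstration.

```python
import os


def safe_destination(local_dir, remote_name):
    """Return the absolute local path where a remote-announced file may be
    written, or None if the name must be refused.

    Rationale (from the post): a genuine recursive walk never yields a
    ".." entry, so any ".." component is a sign of a hostile or broken
    peer and is rejected outright, as is an absolute name.  A final
    containment check after normalisation is defence in depth.
    """
    # Names on the wire use "/" as the separator regardless of platform.
    components = remote_name.split("/")
    if not remote_name or remote_name.startswith("/"):
        return None
    if ".." in components:
        return None

    base = os.path.abspath(local_dir)
    dest = os.path.normpath(os.path.join(base, remote_name))

    # The joined path must remain strictly inside the directory the user
    # named on the command line.
    if os.path.commonpath([base, dest]) != base:
        return None
    return dest


def filter_announced(local_dir, names):
    """Split a batch of remote-announced names into (accepted, rejected)."""
    accepted, rejected = [], []
    for name in names:
        dest = safe_destination(local_dir, name)
        (accepted if dest is not None else rejected).append(name)
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample: what a well-behaved and a hostile peer might
    # announce during "scp -r remote:/x/y/dir/ /local/dir/".
    announced = [
        "README",
        "src/main.c",
        "..hidden-but-legitimate",
        "../.ssh/authorized_keys",      # escapes one level
        "src/../../etc/passwd",         # escapes via an inner ".."
        "/etc/passwd",                  # absolute name
    ]
    ok, bad = filter_announced("/local/dir", announced)
    print("accepted:", ok)
    print("rejected:", bad)
```

Note that `"..hidden-but-legitimate"` is accepted: the test is on whole path components, not on the substring "..", so ordinary names that merely start with two dots are not refused.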