Package: ssh Version: 1:3.8.1p1-8.sarge.4 Severity: minor File: /usr/bin/scp
The -- flag actually works as one might expect, but it is not documented either in the man page or in the 'Usage' output of scp. This is mildly important, because if anyone were to write a shell script that executed scp * some:target and if they had a file named '-P' or '-o' it might be possible to cause some sort of security breach. However, scp -- * some:target cleanly removes the possibility of trouble from filenames beginning with hyphens. -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.8-1-686 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages ssh depends on: ii adduser 3.59 Add and remove users and groups ii debconf 1.4.30.11 Debian configuration management sy ii dpkg 1.10.25 Package maintenance system for Deb ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an ii libpam-modules 0.76-22 Pluggable Authentication Modules f ii libpam-runtime 0.76-22 Runtime support for the PAM librar ii libpam0g 0.76-22 Pluggable Authentication Modules l ii libssl0.9.7 0.9.7e-2 SSL shared libraries ii libwrap0 7.6.dbs-6 Wietse Venema's TCP wrappers libra ii zlib1g 1:1.2.2-3 compression library - runtime -- debconf information: ssh/insecure_rshd: ssh/privsep_ask: true * ssh/user_environment_tell: * ssh/forward_warning: ssh/insecure_telnetd: ssh/new_config: true * ssh/use_old_init_script: true * ssh/SUID_client: true ssh/disable_cr_auth: false * ssh/privsep_tell: ssh/ssh2_keys_merged: * ssh/protocol2_only: true ssh/encrypted_host_key_but_no_keygen: * ssh/run_sshd: true
