https://bugzilla.mindrot.org/show_bug.cgi?id=1998
Darren Tucker <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #1 from Darren Tucker <[email protected]> 2012-05-19 15:18:43 EST --- the client side scp can't escape the filenames because it does not know what shell is on the other end or what its quoting rules are (and "fixing" this on the client side doesn't help security anyway). the command gets run by the remote shell regardless of what the remote scp does (you can delete scp from the remote side entirely and it'll still happen). If you want to prevent this, you need to enforce it in the remote shell eg with a restricted shell of some type (scponly and rssh are example I'm aware of, but I can't vouch for them). -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
