Re: scp -t . - possible idea for additional parameter - openssh
This is a discussion on Re: scp -t . - possible idea for additional parameter - openssh ; On 2007-10-11 18:01, Larry Becke wrote:
> Look, I'm tired of arguing my reasons. Let's just agree to disagree on my reasoning.
That agreement is implicit. :^)
> Answer the question.
> Can this be done?
Theoretically. See my previous ...
-
Re: scp -t . - possible idea for additional parameter
On 2007-10-11 18:01, Larry Becke wrote:
> Look, I'm tired of arguing my reasons. Let's just agree to disagree on my reasoning.
That agreement is implicit. :^)
> Answer the question.
> Can this be done?
Theoretically. See my previous message.
> Is it so terribly hard to add the feature?
It's not easy. See my previous message, and do a little research on path
canonicalization and past directory traversal vulnerabilities in, e.g.
IIS and Apache, to understand this better.
> Will it hurt anything to add the feature?
If it isn't done 100% correctly, yes. See my previous message.
> I'd be happy to discuss offline the reasoning behind my request.
> It's valid, and if you'd bother to keep an open mind, you might actually understand where I'm coming from.
I think we're way ahead of where you're coming from, which is why I
asked, "Have you tried WebDAV over SSL?"
--
Jefferson Ogata
NOAA Computer Incident Response Team (N-CIRT)
"Never try to retrieve anything from a bear."--National Park Service
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev
