On Thu, Dec 06, 2007 at 05:26:14PM -0600, Larry Becke wrote:
> This leads me to believe that using the scp -t
> /some/path/to/a/directory command= in the authorized_keys file
> causes scp to forget/ignore everything after the remote hostname.


There is one more step between the remote scp (run with -t) and the
"remote filename" as specified in the local shell: The local scp.


> This gives us almost exactly what we were looking for


I think that depends on the local scp program.

What happens if you (within the scp protocol, not in the shell)
specify e.g. a new directory ../../../../../../../tmp/breakout ?

I would assume that /tmp/breakout is created.

If your local scp program is trusted then you're all set. But if that
was the case why bother with locking down the server?


> Like I said, I'm sitting here laughing right now, mostly because it
> was a lot of wasted effort on all sides to argue (or discuss with
> pointed statements) over something that already existed, even if it
> wasn't known or documented.


I still believe there was a good reason for that argument.


> (Wonders if this will be considered a bug to be fixed or quashed as
> it wasn't an intended *feature* of scp).... I hope not...


It's just a side effect of the rcp/scp design.


//Peter
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev