Hi again Larry,

On Fri, Dec 07, 2007 at 10:58:12AM -0600, Larry Becke wrote:
> If this were to be put to use in some kind of publicly accessible
> location, I wouldn't even consider this a fix for our problem. I
> do not believe in security through obscurity.


Oh I don't think this qualifies. It's not like you're hiding
anything.


> Now, where this comes into play is when we are dealing with sister
> companies, trusted trading partners, etc... There's already a
> certain level of trust involved, and we're looking for something to
> prevent accidental file relocation.


Then I would be satisfied with this method.


> I understand that carefully tweaked data flow sent to the scp
> server side could cause data to be written to a location other than
> what's specified by the key. I have no questions that that could
> happen.


Cool.


> Now the one thing that I would ask, is this, could a crafted scp
> connection (even when forced to run scp -t ) cause a file to be
> pulled down to the client?


I don't think so, no.


//Peter
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev