openssh bugs - Apr 2010 - [Bug 1754] New: Can not copy from directories with space.

https://bugzilla.mindrot.org/show_bug.cgi?id=1754

           Summary: Can not copy from directories with space.
           Product: Portable OpenSSH
           Version: 5.1p1
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: scp
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: socketpair at gmail.com


mmarkk at ubuntu:~$ scp host.ru:/home/mmarkk/some\ dir/file.ext .
mmarkk at host.ru's password: 
scp: /home/mmarkk/some: No such file or directory
scp: dir/file.ext: No such file or directory

It is able to copy to local dir with space. but

mmarkk at ubuntu:~$ scp /etc/passwd host.ru:/mnt/rw_disc/qwe\ qwe/
mmarkk at host.ru's password: 
scp: ambiguous target

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1754

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at zip.com.au

--- Comment #1 from Darren Tucker <dtucker at zip.com.au> 2010-04-11
17:36:27 EST ---
Actually you can, but you need to double-quote the argument since it
gets processed twice: once by the local shell and once by the remote
shell.

Both of these work:
$ scp "localhost:/tmp/foo\ bar/baz" baz
$ scp localhost:/tmp/foo\\\ bar/baz baz

Your local example works because it's only processed once by the local
shell.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1754

--- Comment #2 from ????????? ???? <socketpair at gmail.com> 2010-04-11
17:40:11 EST ---
I think, that when issuing command on remote shell, scp SHOULD escape
strings.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1754

--- Comment #3 from ????????? ???? <socketpair at gmail.com> 2010-04-11
17:43:24 EST ---
If not, it is security vulnerability - suppose one have automatic scp
commands on some server. Specifying bad file name may cause executing
commands or accessing files on remote side.

double-quoting may cause compatibility problems in future, when this
bug will be eliminated.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1754

--- Comment #4 from Darren Tucker <dtucker at zip.com.au> 2010-04-11
18:05:20 EST ---
(In reply to comment #2)
> I think, that when issuing command on remote shell, scp SHOULD escape
> strings.
You can't reliably do this: there's no way for scp to know what the
remote shell is and thus what its escaping rules are.  There's no
guarantee it has the same rules as the local shell.

(In reply to comment #3)
> If not, it is security vulnerability - suppose one have automatic scp
> commands on some server. Specifying bad file name may cause executing
> commands or accessing files on remote side.
If the (restricted) shell you're using allows executing commands based
on the content of the filenames then you have a problem with either the
shell or its config.  Also, relying on client-side escaping as a
security measure is worthless even if you could do it reliably, which
you can't.
> double-quoting may cause compatibility problems in future, when this
> bug will be eliminated.
This is fundamentally unfixable within the scp "protocol", such as it
is.  If this bugs you then use sftp instead since the filename are
encoded in a defined way within the protocol and not subject to the
vagaries of shell processing.

See http://www.openssh.com/faq.html#2.10

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1754

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX

--- Comment #5 from Darren Tucker <dtucker at zip.com.au> 2010-04-23
10:25:16 EST ---
Sorry, but as per the FAQ we won't be changing this.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1754

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #6 from Damien Miller <djm at mindrot.org> 2011-01-24 12:33:31
EST ---
Move resolved bugs to CLOSED after 5.7 release

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.