Nico Kadel-Garcia
2022-Feb-20 18:30 UTC
[PATCH] add sftp-server option to force temp files
On Sun, Feb 20, 2022 at 11:08 AM Nathan Wagner <nw at hydaspes.if.org> wrote:
>
> The following patch will add a -T option to sftp-server.c that forces
> use of a temp file for uploads to the server. It takes an argument that
> has 'XXXXXX' added to the end and used as a template string for
> mkstemp(3).

Wouldn't rsync over SSH be better for this sort of feature
aggregation? The potential chroot caged setups for sftp may have their
uses, but the more complex you make this sort of behavior, the more
vulnerable you become to alarming failures such as leaving behind
temporary file debris as the artifact of a failed transfer, especially
in edge cases like transferring large files and the transmission being
interrupted or running out of disk space.

Demi Marie Obenour
2022-Feb-20 19:53 UTC
[PATCH] add sftp-server option to force temp files
On 2/20/22 13:30, Nico Kadel-Garcia wrote:
> On Sun, Feb 20, 2022 at 11:08 AM Nathan Wagner <nw at hydaspes.if.org> wrote:
>>
>> The following patch will add a -T option to sftp-server.c that forces
>> use of a temp file for uploads to the server. It takes an argument that
>> has 'XXXXXX' added to the end and used as a template string for
>> mkstemp(3).
>
> Wouldn't rsync over SSH be better for this sort of feature
> aggregation? The potential chroot caged setups for sftp may have their
> uses, but the more complex you make this sort of behavior, the more
> vulnerable you become to alarming failures such as leaving behind
> temporary file debris as the artifact of a failed transfer, especially
> in edge cases like transferring large files and the transmission being
> interrupted or running out of disk space.

On Linux, one can use O_TMPFILE to ensure that the file is created
atomically. That isn't portable, though.

--
Sincerely,
Demi Marie Obenour (she/her/hers)

On Sun, Feb 20, 2022 at 01:30:57PM -0500, Nico Kadel-Garcia wrote:
> On Sun, Feb 20, 2022 at 11:08 AM Nathan Wagner <nw at hydaspes.if.org> wrote:
> >
> > The following patch will add a -T option to sftp-server.c that forces
> > use of a temp file for uploads to the server. It takes an argument that
> > has 'XXXXXX' added to the end and used as a template string for
> > mkstemp(3).
>
> Wouldn't rsync over SSH be better for this sort of feature
> aggregation?

I don't have any control over the client software. The scanner runs
whatever the manufacturer installs.

> The potential chroot caged setups for sftp may have their
> uses, but the more complex you make this sort of behavior, the more
> vulnerable you become to alarming failures such as leaving behind
> temporary file debris as the artifact of a failed transfer,

I'd rather leave behind a temp file than a partial file with the
intended name. The bad temp file is a lot easier to identify and
remove.

--
nw
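
The upload pattern this thread debates, as an added example (not the patch under discussion and not OpenSSH code): data goes to a mkstemp(3) file built from a template prefix plus 'XXXXXX', the file is renamed onto the intended name only after a complete write, and the temp file is unlinked on any failure. The function name `store_upload`, its parameters and the sample paths are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper: write data to mkstemp(3) file template_prefix +
 * "XXXXXX", then rename(2) it onto final_path (same filesystem, so the
 * rename is atomic). On failure the temp file is unlinked. Returns 0/-1. */
int store_upload(const char *template_prefix, const char *final_path,
                 const void *data, size_t len)
{
    char tmp[4096];
    const char *p = data;
    int fd, n;

    n = snprintf(tmp, sizeof(tmp), "%sXXXXXX", template_prefix);
    if (n < 0 || (size_t)n >= sizeof(tmp))
        return -1;
    if ((fd = mkstemp(tmp)) == -1)      /* O_CREAT|O_EXCL, mode 0600 */
        return -1;
    while (len > 0) {
        ssize_t w = write(fd, p, len);
        if (w == -1 && errno == EINTR)
            continue;
        if (w <= 0)
            goto fail;                  /* e.g. ENOSPC or EIO */
        p += w;
        len -= (size_t)w;
    }
    if (fsync(fd) == -1)
        goto fail;
    n = close(fd);
    fd = -1;                            /* never close the same fd twice */
    if (n == -1 || rename(tmp, final_path) == -1)
        goto fail;
    return 0;
fail:
    if (fd != -1)
        close(fd);
    unlink(tmp);                        /* no debris, no partial final file */
    return -1;
}

int main(void)
{
    const char msg[] = "constructed scan data\n";   /* constructed sample */
    return store_upload("/tmp/.upload.", "/tmp/scan-example.txt",
                        msg, sizeof(msg) - 1) ? 1 : 0;
}
```

A server process killed mid-transfer still leaves the temp file behind, which is the residual case the replies above weigh against a partial file under the intended name.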