search for: cpandya2909

On Wed, 15 Jul 2020, Red Cricket wrote: > I have had this in my .bashrc for years: > > alias scp='rsync -avzP' Similar, though I named it rcp because nobody has the real rcp installed any more, but sometimes I need scp to connect to systems that lack rsync. https://evolvis.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=shellsnippets/shellsnippets.git;a=blob;f=mksh/rcp;hb=HEAD >

Why can the local and remote paths be sanitized? Regards, Uri > On Jul 31, 2020, at 19:57, Ethan Rahn <ethan.rahn at gmail.com> wrote: > > ?I wanted to bring this up again due to: > https://github.com/cpandya2909/CVE-2020-15778/. This showcases a clear > issue with scp which it sounds like cannot be fixed without breaking scp. > This seems like it would lend some impetus to doing _something_, even if it > breaks scp or necessitates using something new. > > Cheers, > > Ethan > >...

...Assignee: unassigned-bugs at mindrot.org Reporter: kircherlike at outlook.com Although separating the scp function from the ssh is a difficult task, it is inappropriate to run commands in the scp that transfers files. Will OpenSSH be able to restore the CVE? https://github.com/cpandya2909/CVE-2020-15778 -- You are receiving this mail because: You are watching the assignee of the bug.

...ize it in any way, you will break > existing use cases. > >> Regards, >> Uri >> >>>> On Jul 31, 2020, at 19:57, Ethan Rahn <ethan.rahn at gmail.com> wrote: >>> >>> ?I wanted to bring this up again due to: >>> https://github.com/cpandya2909/CVE-2020-15778/. This showcases a >>> clear >>> issue with scp which it sounds like cannot be fixed without >>> breaking scp. >>> This seems like it would lend some impetus to doing _something_, >>> even if it >>> breaks scp or necessitates usin...