author | djm@openbsd.org <djm@openbsd.org> | 2019-01-26 22:41:28 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2019-02-08 16:39:38 +0000 |
commit | 125924e47db3713a85a70e0f8d6c23818d2ea054 (patch) | |
tree | c8427bede4b2f4577f27250dbd84c8f8c50928de /scp.1 | |
parent | 2a8f710447442e9a03e71c022859112ec2d77d17 (diff) |
upstream: check in scp client that filenames sent during
remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server
sending unexpected filenames, but it comes at a risk of rejecting wanted
files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen
fix approach suggested by markus@;
has been in snaps for ~1wk courtesy deraadt@
OpenBSD-Commit-ID: 00f44b50d2be8e321973f3c6d014260f8f7a8eda
CVE-2019-6111
Origin: backport, https://anongit.mindrot.org/openssh.git/commit/?id=391ffc4b9d31fa1f4ad566499fef9176ff8a07dc
Last-Update: 2019-02-08
Patch-Name: check-filenames-in-scp-client.patch
Diffstat (limited to 'scp.1')
-rw-r--r-- | scp.1 | 12 |
1 files changed, 11 insertions, 1 deletions
@@ -18,7 +18,7 @@ | |||
18 | .Nd secure copy (remote file copy program) | 18 | .Nd secure copy (remote file copy program) |
19 | .Sh SYNOPSIS | 19 | .Sh SYNOPSIS |
20 | .Nm scp | 20 | .Nm scp |
21 | .Op Fl 346BCpqrv | 21 | .Op Fl 346BCpqrTv |
22 | .Op Fl c Ar cipher | 22 | .Op Fl c Ar cipher |
23 | .Op Fl F Ar ssh_config | 23 | .Op Fl F Ar ssh_config |
24 | .Op Fl i Ar identity_file | 24 | .Op Fl i Ar identity_file |
@@ -208,6 +208,16 @@ to use for the encrypted connection. | |||
208 | The program must understand | 208 | The program must understand |
209 | .Xr ssh 1 | 209 | .Xr ssh 1 |
210 | options. | 210 | options. |
211 | .It Fl T | ||
212 | Disable strict filename checking. | ||
213 | By default when copying files from a remote host to a local directory | ||
214 | .Nm | ||
215 | checks that the received filenames match those requested on the command-line | ||
216 | to prevent the remote end from sending unexpected or unwanted files. | ||
217 | Because of differences in how various operating systems and shells interpret | ||
218 | filename wildcards, these checks may cause wanted files to be rejected. | ||
219 | This option disables these checks at the expense of fully trusting that | ||
220 | the server will not send unexpected filenames. | ||
211 | .It Fl v | 221 | .It Fl v |
212 | Verbose mode. | 222 | Verbose mode. |
213 | Causes | 223 | Causes |
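Review bot: The new `.It Fl T` entry says the check exists "to prevent the remote end from sending unexpected or unwanted files", which is stronger than the commit message's "some protection against a malicious server"; wording such as "to help prevent" would match what the check is described as delivering. The entry attributes false rejections to "differences in how various operating systems and shells interpret filename wildcards" but does not say that it is the client that matches the received names against the pattern given on the command line, so a reader cannot tell where the mismatch arises; one sentence stating that would close the gap. Because the option works "at the expense of fully trusting that the server will not send unexpected filenames", the text should also say plainly that -T is meant only for servers the user already trusts. Minor style point: "command-line" used as a noun is normally written "command line".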