On Mon, 24 Apr 2017 13:34:09 -0500, John McKown wrote: > >NO! > >You can NOT do a "!cp ..." to copy the file on the _server_ to a dataset on >the _server_. That is because the "!..." sftp command runs the given >command _ON THE CLIENT_ (i.e. your machine). Otherwise, some clever person >could possibly do untold damage by running some arbitrary command that they >just ftp'd to the server on the server. The thought makes me shudder. > sftp depends on ssh. But ... is it possible to configure ssh so only the sftp agent, not a shell, is allowed as an ssh agent on the server?
Otherwise, there's the possibility of: cat malicious.script | ssh z/OS "sh" # to do untold damage. Or, in fact: ssh z/OS put malicious.script .profile ... and wait for untold damage to happen. -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN