https://bugzilla.mindrot.org/show_bug.cgi?id=3693
Bug ID: 3693 Summary: Is SFTP local command execution implemented based on an RFC protocol? Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: sftp Assignee: unassigned-b...@mindrot.org Reporter: rmsh1...@163.com Hi, As we all known, we can execute some commands in local shell or escape to local shell by using '!'. However, I can't find the description in ssh protocols. If this feature is implemented based on an RFC protocol? Please let me know if it is. Thanks. Also, is there a security issue involved? For example, when the expect script is used to implement SFTP automatic interaction, the server can construct a specific banner to deceive the expect script and execute the client script. More specifically, the expect script looks for the password keyword to enter the user's password. If there is a executable script named "!test" on the client. The password of this account on the server is also "!test", the server allows login to accounts with empty password strings and the keyword "password" is added to the banner. The password in the banner will be captured by the expect script and then the password "!test" will be is entered. In this case, local script willed executed. I don't know if this is a problem, although it seems to be a normal function of sftp and the server in this case is not trusted. -- You are receiving this mail because: You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs