|
|
|
|
|
|
by eneveu
2045 days ago
|
|
|
Having servers offer scp instead of ssh is not the only problem. What about this part of the article: Finally, while the danger is remote, it is worth noting that a local file name containing `backticks` (a file named `touch you-lose`, for example) will be handled the same way on the other end; if a user can be convinced to perform a recursive copy of a directory tree containing a file with a malicious name, bad things can happen. |
|
|