| delorie.com/archives/browse.cgi | search |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 According to TheO on 12/3/2008 6:29 AM: >> No, we mean "get c:/dir/file" or "get c:\dir\file". (or "put >> //hostname/share/file", shudder.) >> > > This is what I get: > > sftp> cd C:/ > Couldn't canonicalise: No such file or directory That's with /. What about with \? The cygwin dll sometimes treats the two separators differently, where using \ is more likely to bypass cygwin checks. And what about Brian's other point - if sshd has a security bug like a buffer overrun (shudder, but possible - look at how often openssh has been updated over the years to fix security holes as soon as someone identifies one), then the attacker merely need exploit the buffer overrun to inject code that calls a native Windows API. Harder to exploit? Yes. But certainly _much_ more of a worry than whether or not you have hidden undesirable file names from honest users. - -- Don't work too hard, make some time for fun as well! Eric Blake ebb9 AT byu DOT net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Cygwin) Comment: Public key at home.comcast.net/~ericblake/eblake.gpg Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkk2jBkACgkQ84KuGfSFAYAZqQCeOq4Xd19ThRoXeKNRnEmJKhRZ mDEAoJ2UdYEHXhYBLfKWrzvuhQbWXCyN =ttsH -----END PGP SIGNATURE----- -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |