[scponly] Re: chmod/WinSCP bug in scponly-2.4?

joe joe at sublimation.org
Tue Sep 24 17:31:42 EDT 2002 

i see the problem.  scponly isnt expecting chmod commands of that format
(including the -+ and , characters).

a quick hack for your purposes would be to add those characters to the
ALLOWABLE preprocessor macro defined in scponly.h and then recompile.
(the risk there is that those characters are no longer refused for
requests to something like /bin/sh - i'm not sure how bad that really is,
the comma is a potential problem)

i will also look at incorporating a "real" fix in the next scponly
revision.

thanks for the update, i WILL get to it.

joe

----

PGP KEY: http://www.sublimation.org/contact.html
PGP Key fingerprint = EC4B 0DA5 B4F6 BDDD 9176 55D6 3A6A 7D63 158F 22D2


On Wed, 25 Sep 2002, Christoph Haas wrote:

> Hi, Joe...
>
> The site which should run your scponly mailing list seems to be down. So
> this mail is both a bug report and a cry for help directed personally to
> you. ;)
>
> I'm using scponly 2.4 in a web server environment where users should
> only be allowed to put HTML files in their home directories. So I'm
> using the chroot'ed version. It works quite well so far (using WinSCP by
> the way). Just the 'chmod' command fails time and again.
>
> The WinSCP session.log reads this:
> ---
> . Changing mode of file "Corel SCRIPT 7_8 Readme.html" to
> u+rw-x,g+r-wx,o-rwx (recursive=No).
>  > chmod  u+rw-x,g+r-wx,o-rwx "Corel SCRIPT 7_8 Readme.html" ; echo
> "WinSCP: this is end-of-file:$?"
> ! invalid characters in scp command!
> ! here:+rw-x,g+r-wx,o-rwx "Corel SCRIPT 7_8 Readme.html"
> ! try using a wildcard to match this file/directory
> < WinSCP: this is end-of-file:-1
> ---
>
> It looks to me like the 'scponlyc' binary cannot detect that WinSCP
> wants to run 'chmod'. The source code looks okay to me on first sight.
> Have other users reported this bug to you? I would have tried the 3.1
> version but don't want to run a beta on my 'private production server'.
> (In addition I couldn't configure without having the sftp-server installed.)
>
> As a reward I would like to contrib an RPM version of the 2.4 version
> as soon as I'm sure everything runs smoothly.
>
> I'm looking forward to your reply.
>
>   Christoph
>

More information about the scponly mailing list