On Wed, 4 Nov 2020 at 11:39, Michael Hennebry <hennebry@web.cs.ndsu.nodak.edu> wrote:
I've not used sftp at all. I've only used scp when I had control at both ends.
On Wed, 4 Nov 2020, George N. White III wrote:
This is due to a fundamental insecurity in the old-style SCP protocol: the client sends the wildcard string (*.c) to the server, and the server sends back a sequence of file names that match the wildcard pattern. However, there is nothing to stop the server sending back a different pattern and writing over one of your other files: if you request *.c, the server might send back the file name AUTOEXEC.BAT and install a virus for you. Since the wildcard matching rules are decided by the server, the client cannot reliably verify that the filenames sent back match the pattern.
In this particular case, I'd think the client could tell that a .BAT file was not a .c file.
Downloading 1000s of files resulting from some HPC calculation, it would be easy to overlook an unwanted file.
There is only so much any protocol can do about a malicious server. Even if the client explicitly specifies a server file, there is no guarantee that the server will send a correct copy.
Those HPC systems can have many users, all with write access to shared data spaces; one compromised user workstation could be used to place malware where scp might find it. It is more of a concern now that user workstations have moved into people's homes outside the enterprise LANs.
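Added example, not part of the thread and not code from any scp client: a client-side audit of the file names a server offers against the wildcard that was requested, so an unexpected name among thousands is flagged automatically. It goes slightly beyond the `*.c` case by also rejecting path separators and control characters; the function names and sample names are constructed, and the last test case assumes a server-side shell with brace expansion, to show why the quoted text calls such a check unreliable.

```python
import fnmatch
import posixpath


def check_offered_name(requested_pattern, offered_name):
    """Return None if the name is acceptable, otherwise the reason it is not."""
    # Only the last component of the requested remote path is a file-name pattern.
    pattern = posixpath.basename(requested_pattern)
    if offered_name in ("", ".", ".."):
        return "refers to a directory, not a file"
    # A plain file download must never name a path outside the target directory.
    if "/" in offered_name or "\\" in offered_name:
        return "contains a path separator"
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in offered_name):
        return "contains a control character"
    # Client-side glob rules (*, ?, [..]) only; the server may use richer rules.
    if not fnmatch.fnmatchcase(offered_name, pattern):
        return "does not match requested pattern %r" % pattern
    return None


def audit_transfer(requested_pattern, offered_names):
    """Split the server-offered names into (accepted, rejected-with-reason)."""
    accepted, rejected = [], []
    for name in offered_names:
        reason = check_offered_name(requested_pattern, name)
        if reason is None:
            accepted.append(name)
        else:
            rejected.append((name, reason))
    return accepted, rejected


# Constructed sample: names a server might send back for a request of project/*.c
SAMPLE_OFFERED = ["main.c", "util.c", "AUTOEXEC.BAT", "../.bashrc", "x.c"]

if __name__ == "__main__":
    ok, bad = audit_transfer("project/*.c", SAMPLE_OFFERED)
    print("accepted:", ok)
    for name, reason in bad:
        print("REJECTED %r: %s" % (name, reason))
    # Limitation: a pattern the server's shell would expand with braces is
    # treated literally here, so a legitimate main.h is rejected.
    print(check_offered_name("project/*.{c,h}", "main.h"))
```

The check covers names only; as noted in the thread, it says nothing about whether the content of an accepted file is a correct copy.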