Re: Do we have standards available for scp ??

To: Markus Friedl <markus%openbsd.org@localhost>
Subject: Re: Do we have standards available for scp ??
From: Andrew Brown <atatat%atatdot.net@localhost>
Date: Tue, 15 Jan 2002 13:44:33 -0500

>> Frankly, it would be also good to document RCP and to have a lengthy
>> description of why RCP is a bad idea operationally (e.g. list of
>> security risks with RCP) and even suggest using SCP instead (to
>> reduce security risks).
>
>But SCP == RCP (the protocols), so either _both_ are secure
>or _none_.

well...yes and no.  they are almost the same, but there are also
places where they differ radically, depending on your point of view.
for example, in the source() routine of my netbsd-current rcp:

                if (pflag) {
                        /*
                         * Make it compatible with possible future
                         * versions expecting microseconds.
                         */
                        (void)snprintf(buf, sizeof(buf), "T%ld %ld %ld %ld\n",
                            (long)stb.st_mtimespec.tv_sec,
                            (long)stb.st_mtimespec.tv_nsec / 1000,
                            (long)stb.st_atimespec.tv_sec,
                            (long)stb.st_atimespec.tv_nsec / 1000);
                ...
                (void)snprintf(buf, sizeof(buf), "C%04o %lld %s\n",
                    stb.st_mode & RCPMODEMASK, (long long)stb.st_size, last);

whereas in the same routine in ssh-1.2.32 (as an example):

                if (pflag) {
                        /*
                         * Make it compatible with possible future
                         * versions expecting microseconds.
                         */
                        (void)snprintf(buf, sizeof(buf), "T%lu 0 %lu 0\n",
                                      (unsigned long)stb.st_mtime, 
                                      (unsigned long)stb.st_atime);
                ...
                (void)snprintf(buf, sizeof(buf), "C%04o %lu %s\n",
                              (unsigned int)(stb.st_mode & FILEMODEMASK), 
                              (unsigned long)stb.st_size, 
                              last);

the size of longs can differ between cpu architectures, and a long
long is not necessarily the same size as a long in all places either.
as protocols go, it works, but it appears to be looking for trouble.

>> That's a bit outside this WG's charter
>> (potentially, subject to WG Chair decision), whereas documenting SCP
>> sufficiently to write an interoperable implementation from the RFC
>> would seem clearly within this WG's charter (also subject to WG Chair
>> decision).
>
>Well, documenting SCP means documenting RCP.

otoh, an existing document covering rcp would make the scp document a
lot easier.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior%daemon.org@localhost             * "ah!  i see you have the internet
twofsonet%graffiti.com@localhost (Andrew Brown)                that goes *ping*!"
andrew%crossbar.com@localhost       * "information is power -- share the wealth."

Follow-Ups:
- Re: Do we have standards available for scp ??
  - From: Markus Friedl

References:
- Re: Do we have standards available for scp ??
  - From: Markus Friedl
- Re: Do we have standards available for scp ??
  - From: RJ Atkinson
- Re: Do we have standards available for scp ??
  - From: Markus Friedl

Prev by Date: Re: Do we have standards available for scp ??
Next by Date: Re: Do we have standards available for scp ??
Previous by Thread: Re: Do we have standards available for scp ??
Next by Thread: Re: Do we have standards available for scp ??
Indexes:

Home | Main Index | Thread Index | Old Index