Re: bin/31107 (scp can't handle remote file names with '(' in them)

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,dillo%NetBSD.org@localhost
Subject: Re: bin/31107 (scp can't handle remote file names with '(' in them)
From: Dieter Baron <dillo%danbala.tuwien.ac.at@localhost>
Date: Mon, 28 Apr 2008 16:50:02 +0000 (UTC)

The following reply was made to PR bin/31107; it has been noted by GNATS.

From: Dieter Baron <dillo%danbala.tuwien.ac.at@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: 
Subject: Re: bin/31107 (scp can't handle remote file names with '(' in them)
Date: Mon, 28 Apr 2008 18:46:39 +0200

 On Mon, Apr 28, 2008 at 02:54:24AM +0000, dholland%NetBSD.org@localhost wrote:
 > Synopsis: scp can't handle remote file names with '(' in them
 > 
 > When I do
 >    scp otherhost:\(* .
 > the local shell expands the *.

   Expansion of * is a non-issue here, unless you really have a file
 matching ``otherhost:\(*'': If a glob does not match anything, the
 shell leaves it unexpanded.

 > If I write
 >    scp otherhost:'\(*' .
 > it works perfectly as I would expect - it fetches all remote files that
 > match the glob \(*.

   Indeed.  Note, however, that you quoted the ``('' twice: once inside
 single quotes, and once with a backslash.  The local shell eats the
 quotes, the remote shell the backslash.

 > What behavior were you expecting/trying to achieve?

   I would expect
        scp otherhost:\(\* .
   to work, and not give the following error:

 bash: -c: line 0: syntax error near unexpected token `('
 bash: -c: line 0: `scp -f (*'

   This makes me think of nasty surprises given strange names like
 ``foo; rm -rf /''.  One might even call it an exploitable security
 hole.

 > I would expect that any quoting at the other end that would protect
 > parens would also inhibit remote wildcard expansion, which would be
 > highly undesirable.

   1) We could escape every meta-character (including globs) and have
      scp -f expand them (via glob(3) or similar).

   2) We could escape shell meta-characters that are not glob
      meta-characters (like `(', '&', '>', ...) with backslashes.

   At the very least, we should document that shell meta-characters
 have to be escaped twice.  (On a related note, we should also document
 that a file with `:' in its name has to be copied as ./file:name.)

                                        yours,
                                        dillo

Follow-Ups:
- Re: bin/31107 (scp can't handle remote file names with '(' in them)
  - From: Manuel Bouyer

Prev by Date: Re: kern/34843: FAST_IPSEC and "use"
Next by Date: Re: kern/34843: FAST_IPSEC and "use"
Previous by Thread: Re: bin/31107 (scp can't handle remote file names with '(' in them)
Next by Thread: Re: bin/31107 (scp can't handle remote file names with '(' in them)
Indexes:

Home | Main Index | Thread Index | Old Index