particular, mention that doing an SCP wildcard download into a clean
directory is adequate protection against a malicious server trying
to overwrite your files.
git-svn-id: svn://svn.tartarus.org/sgt/putty@5279 cda61777-01e9-0310-a592-d414129be87e
However, in the second case (using a wildcard for multiple remote
files) you may see a warning saying something like \q{warning:
However, in the second case (using a wildcard for multiple remote
files) you may see a warning saying something like \q{warning:
-remote host tried to write to a file called 'terminal.c' when we
-requested a file called '*.c'. If this is a wildcard, consider
-upgrading to SSH 2 or using the '-unsafe' option. Renaming of this
-file has been disallowed}.
+remote host tried to write to a file called \cq{terminal.c} when we
+requested a file called \cq{*.c}. If this is a wildcard, consider
+upgrading to SSH 2 or using the \cq{-unsafe} option. Renaming of
+this file has been disallowed}.
This is due to a fundamental insecurity in the old-style SCP
protocol: the client sends the wildcard string (\c{*.c}) to the
This is due to a fundamental insecurity in the old-style SCP
protocol: the client sends the wildcard string (\c{*.c}) to the
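Review bot: The three literals in the quoted warning on the + lines are now \cq{...} nested inside the outer \q{...}, so the rendered quote marks around terminal.c, *.c and -unsafe depend on the output backend rather than being the plain single quotes the - lines carried. The text says "something like", so this is acceptable, but please check the rendered output in each format so a user searching the manual for the message PSCP actually prints can still match it. If it does not match, consider setting the whole warning as a code paragraph instead.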
are giving the server the ability to write to \e{any} file in the
target directory, so you should only use this option if you trust
the server administrator not to be malicious (and not to let the
are giving the server the ability to write to \e{any} file in the
target directory, so you should only use this option if you trust
the server administrator not to be malicious (and not to let the
-server machine be cracked by malicious people).
+server machine be cracked by malicious people). Alternatively, do
+any such download in a newly created empty directory. (Even in
+\q{unsafe} mode, PSCP will still protect you against the server
+trying to get out of that directory using pathnames including
+\cq{..}.)
\S2{pscp-usage-basics-user} \c{user}
\S2{pscp-usage-basics-user} \c{user}
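Review bot: The added "Alternatively, do any such download in a newly created empty directory" sentence does not say what the empty directory protects against and what it leaves open. The preceding sentence states that the server can write to \e{any} file in the target directory, so an empty directory only prevents overwriting existing files. The server still chooses the names and contents of everything that lands there. Suggest adding a clause that the user should check the received file names before moving or using them. The parenthetical also covers only pathnames including \cq{..}; if absolute pathnames are rejected in \q{unsafe} mode as well, say so here, since readers will ask.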