You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@mina.apache.org by "Goldstein Lyor (JIRA)" <ji...@apache.org> on 2016/04/13 18:57:25 UTC

[jira] [Updated] (SSHD-605) VirtualFileSystemFactory allows escaping from root

     [ https://issues.apache.org/jira/browse/SSHD-605?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Goldstein Lyor updated SSHD-605:
--------------------------------
    Fix Version/s: 1.3.0

> VirtualFileSystemFactory allows escaping from root
> --------------------------------------------------
>
>                 Key: SSHD-605
>                 URL: https://issues.apache.org/jira/browse/SSHD-605
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 1.0.0
>         Environment: Windows, JDK 7
>            Reporter: Damien B
>            Assignee: Goldstein Lyor
>              Labels: security
>             Fix For: 1.1.0, 1.3.0
>
>
> Possibly Windows only.
> I start a SFTP server like this:
> sshd = SshServer.setUpDefaultServer();
> [...]
> sshd.setFileSystemFactory(new VirtualFileSystemFactory(myRootDir.getCanonicalPath()));
> [...]
> sshd.setSubsystemFactories(Arrays.<NamedFactory<Command>>asList(new SftpSubsystemFactory()));
> I connect to the server with FileZilla.
> Upon connexion, the files in myRooDir correctly appear under the server path '/'. But if I cd to '/c:/Windows/', the files in C:\Windows\ appear, escaping the VFS root.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)