1

I need to cat an untrusted file on a remote server. I'm doing this by logging in with SSH.

There are known risks related to cat-ing untrusted files. See here.

The cat -v option can be used to encode non-printing characters:

-v, --show-nonprinting   use ^ and M- notation, except for LFD and TAB

Does this -v option provide adequate protection against control character injection and other attacks?

There is also the -E option, which shows a $ at the end of lines. Is there a security benefit to using -E too?

If I were to cat a maliciously crafted file with an exploit, which system would actually be compromised? The remote server where the file is located and the cat command is running, or the local machine with the SSH client that is actually displaying the data?

rubberband876
  • 173
  • 5
  • You would exploit the local machine, assuming the exploit was compatible with it. – LSerni Dec 08 '18 at 08:46
  • 1
    @LSerni Assuming it's a PTY over SSH and not, say, X11 forwarding of a vulnreable xterm. – forest Dec 08 '18 at 09:17
  • @LSerni So you mean the client machine displaying the output would be compromised, rather than the remote server where ```cat``` is running and the file is located? – rubberband876 Dec 08 '18 at 12:15
  • 1
    @rubberband876 Yes, taking into account forest's proviso. What "powers" the compromise is the output being interpreted, so it happens wherever the output, indeed, gets interpreted; not where it is generated by `cat` or otherwise, nor where the final graphical result is displayed. – LSerni Dec 09 '18 at 10:06

0 Answers0