Home
|
FAQ
|
Feedback
|
Licence
|
Updates
|
Mirrors
|
Keys
|
Links
|
Team
Download:
Stable
·
Snapshot
|
Docs
|
Privacy
|
Changes
|
Wishlist
People occasionally ask for an escape sequence which will execute an arbitrary local command, à la ECMA-48 OSC (Operating system command).
This feature is horrendously insecure, and PuTTY will not be implementing it unless someone comes up with some plausible way of dealing with the security issues outlined below.
If your terminal is willing to receive an escape sequence which
directs it to run a local program, and will uncomplainingly do it,
then for a start you've just put your client machine completely at the
mercy of your server - so I do hope you never make a
connection to a machine whose sysadmin is less than a close and
trusted friend of yours! What would stop the server sending a
remote-command escape such as del *.*
, or (perhaps even
worse) one which read sensitive files on your disk and sent them out
to somewhere the malicious server admin could recover them? And even
if your server admin is trustworthy, his machine could be cracked, and
then your client box is at the mercy of the cracker.
Furthermore, applications such as Unix `write' often don't filter escape sequences out of their output, so if you ever have messages enabled then you've handed control of your local machine to any user of the same server who might want it.
In general, your terminal stream should be considered untrusted for these purposes. Users don't normally feel nervous about running `cat' on unknown files just to see what's in them; they tend to feel that the worst that can happen as a result is that they screw up their terminal state and have to reset it - and many users don't even expect that, and come and complain to us when it happens (see the FAQ). If your terminal is willing to run arbitrary local commands when told to by an escape sequence, then you have to adopt a whole new level of paranoia, where (for example) any file not trusted by you is viewed using `cat -v' rather than `cat', and only when you're certain that it's clean of malicious escape sequences do you progress to `cat'.
An alternative remote-execution solution with authentication is DoIt.