Bug 1703 - Atomic replace on upload
Summary: Atomic replace on upload
Status: NEW
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sftp (show other bugs)
Version: 5.3p1
Hardware: Other Linux
: P2 enhancement
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-01-23 08:20 AEDT by Juan Francisco Giordana
Modified: 2010-03-26 11:40 AEDT (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Juan Francisco Giordana 2010-01-23 08:20:39 AEDT 
Hello,

When I upload PHP files to a server it seems that the files are copied over to the remote location instead of being transferred to a temporary location (or buffered) and then moved to the appropriate place. I don't know how is this supposed to work though, but if these files are being uploaded to the remote location in chunks then this is probably a cause of trouble, at least for me.

The thing is that when I upload some files with a relative big size (~40 KB), I can see some PHP parse errors later on the web server logs (i.e. PHP parse errors triggered by 'unexpected end of file').

Because of the nature of scripting languages and because of the nature of PHP being able to be embedded within HTML code my main concern is that this problem could also lead to code leaks, since if the file isn't fully transferred, some PHP open/close tag would be missed and that way the code being leaked to the user's browser/bot.

Regards.
Comment 1 Damien Miller 2010-03-26 11:40:05 AEDT 
It would be fairly easy to support atomic replacement of files on upload in the OpenSSH sftp client. However, it wouldn't work for scp or other sftp clients.

Basically, the client would get an option (-a perhaps) to get/put that up/downloaded into a temporary file and then renamed it into place. For sftp, we would need to enable this only for servers that supported the POSIX rename extension,