}
c.cmd = exec.Command("ssh",
append(append([]string{}, c.sshOpts...),
}
c.cmd = exec.Command("ssh",
append(append([]string{}, c.sshOpts...),
//
// The target directory must no permit other users to delete our files
// or symlink attacks and arbitrary code execution is possible. For
//
// The target directory must no permit other users to delete our files
// or symlink attacks and arbitrary code execution is possible. For
//
// We cannot use `test -f && test -O` because this is open to TOCTOU
// attacks. `stat` gives use the full file state. If the file is owned
//
// We cannot use `test -f && test -O` because this is open to TOCTOU
// attacks. `stat` gives use the full file state. If the file is owned
- // by us and not a symlink then it's safe to use (assuming sticky or
- // directory not writable by others).
+ // by us and not a symlink then it's safe to use (assuming sticky
+ // directory or directory not writable by others).
//
// `test -e` is only used to prevent error messages if the file
// doesn't exist. It does not guard against any races.
//
// `test -e` is only used to prevent error messages if the file
// doesn't exist. It does not guard against any races.
c.sshRemote,
fmt.Sprintf("cat > %q", path))...)
cmd.Stdin = bytes.NewReader(helper)
c.sshRemote,
fmt.Sprintf("cat > %q", path))...)
cmd.Stdin = bytes.NewReader(helper)