Why does this array of PSFTP commands not work on some Windows devices

Question

I have the following snippet of code in a PowerShell script:

    $cmd = @(
       "lcd $local_directory",
       "mget $remote_files",
       "del $remote_files"
    )
$ErrorActionPreference = "SilentlyContinue"
$cmd | & $psftp $sftpserver "-l" $user "-i" $private_key "-v"

This exact same code works on one Windows server and not on another. The only part that does not work is the "lcd" part. When it does work psftp changes the local directory perfectly. When it does not work I can see in the logs that its attempting to change to some portion of the local path I have passed it. For instance if I passed "C:\folder1\documents" it would show it attempted to change to "er1\documents" or some other fraction of the path. I have attempted different directories, different powershell versions, hardcoding the local path. Additionally, if I remove the lcd command I see odd behavior with the mget command. Is there something I am missing regarding passing arguments to cmd from powershell?

EDIT: I have more info, but more confusion. Each time I add another argument I get a piece of the actual local directory back... So with the following code snippet I actually get a properly working lcd argument. but why!!!!

    $cmd = @(
    "lcd 'C:\'",
    "lcd 'C:\'",
    "lcd 'C:\'",
    "lcd $local_directory",
    "mget $remote_files"
    )

EDIT 2:

This apparently has nothing to do with the specific lcd command. I still dont have an answer for this so I'm hoping someone can help. Through further testing I've learned that the $cmd works if I add a 32 character long value to the first index in that array. (Curious that its 32)

So this also works:

$garbage = "                               "
$lcd_command = ("lcd " + $local_directory)
$mget_command = ("mget " + $remote_files)

$cmd = $garbage, $lcd_command, $mget_commandcode

I am at my wits' end here... please help

Thank you

I think it is a permission issue. Some windows systems users to not have permission to access root folder c:\. — jdweng, Apr 25 '23 at 00:24
@jdweng You are correct! I still dont know the exact issue it is having but I was able to test on the server that the original command works on with a different user account (non admin rights) and encounter the same error. So, the best I can tell, the 32 characters somehow gets around folder permissions... which is odd. — CamParker, Apr 25 '23 at 13:06
If that were true, it wouldn't just be odd, but a glaring security vulnerability that @MartinPrikryl would want to know about. — mklement0, Apr 25 '23 at 13:07
I understand being hesitant to believe a stranger on the internet, but sadly it is true. Isnt technology grand :) — CamParker, Apr 25 '23 at 13:10
It may be true (I can't personally verify it). Either way, action is required: If the vulnerability is real, it should be fixed (hence my pinging [MartinPrikryl](https://stackoverflow.com/users/850848/martin-prikryl), the author of `psftp`). If it isn't, your symptom deserves a proper explanation. — mklement0, Apr 25 '23 at 13:21
@mklement0 I'm not the author of psftp (I'm the author of WinSCP) :) — Martin Prikryl, Apr 26 '23 at 04:44
Thanks for clarifying, @MartinPrikryl. I assume you're knowledgeable about it, however, so does the explanation offered ring true to you? — mklement0, Apr 26 '23 at 06:26
@mklement0 Unfortunately, No. That's why I've ask for MCVE above. I wonder if the problem can be reproduced without PS. — Martin Prikryl, Apr 26 '23 at 07:42

CamParker · Answer 1 · 2023-04-25T13:25:19.770

The issue is not specifically the lcd command. I did further troubleshooting and found that for whatever reason I have to send 32 characters of something before sending the actual commands... The above works flawlessly.

$garbage = "                               "
$lcd_command = ("lcd " + $local_directory)
$mget_command = ("mget " + $remote_files)

$cmd = $garbage, $lcd_command, $mget_command

Answer: I was able to reproduce the error/issue on a normally working environment by simply logging in with a non admin account. So, this is somehow a permissions issue. A very odd permissions issue. And, if you do as I mentioned above and pass a 32 character string before the psftp commands it will bypass the permissions issue.

Elaborated Answer: To reproduce my situation try running a powershell script that calls psftp.exe and passes in commands like the ones I've shown in my post. Do this as a Windows user that has standard permissions but not local administrator rights. You should encounter the same issue that the initial lcd command (first index in array of commands sent from powershell) will fail in psftp. Now modify your array of commands to pass a 32 character string as the first index value in the array and your lcd command will suddenly work.

Why does this array of PSFTP commands not work on some Windows devices

1 Answers1