X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=doc%2Fpscp.but;h=0b26d722345237549e1f304dd5dd46b8d7d5fd4a;hb=182a511ec3dce0b726be5df4e8e16af605ec4f6a;hp=4485b9b1a636f4cfbeb816ad2280c360ef9622a8;hpb=6daf6faede46bd8aa3a39cbe59d34c987b2ea114;p=PuTTY.git

diff --git a/doc/pscp.but b/doc/pscp.but
index 4485b9b1..0b26d722 100644
--- a/doc/pscp.but
+++ b/doc/pscp.but
@@ -96,10 +96,10 @@ direction, like this:
 
 However, in the second case (using a wildcard for multiple remote
 files) you may see a warning saying something like \q{warning:
-remote host tried to write to a file called 'terminal.c' when we
-requested a file called '*.c'. If this is a wildcard, consider
-upgrading to SSH 2 or using the '-unsafe' option. Renaming of this
-file has been disallowed}.
+remote host tried to write to a file called \cq{terminal.c} when we
+requested a file called \cq{*.c}. If this is a wildcard, consider
+upgrading to SSH 2 or using the \cq{-unsafe} option. Renaming of
+this file has been disallowed}.
 
 This is due to a fundamental insecurity in the old-style SCP
 protocol: the client sends the wildcard string (\c{*.c}) to the
@@ -128,7 +128,11 @@ happen. However, you should be aware that by using this option you
 are giving the server the ability to write to \e{any} file in the
 target directory, so you should only use this option if you trust
 the server administrator not to be malicious (and not to let the
-server machine be cracked by malicious people).
+server machine be cracked by malicious people). Alternatively, do
+any such download in a newly created empty directory. (Even in
+\q{unsafe} mode, PSCP will still protect you against the server
+trying to get out of that directory using pathnames including
+\cq{..}.)
 
 \S2{pscp-usage-basics-user} \c{user}