[scponly] scponly bug with '+' in filenames
wby oblyr
joe at sublimation.org
Fri Feb 20 11:09:32 EST 2004
limiting the character input was implemented to prevent users from piggybacking shell special
characters along with the shell invocation command. things like semicolins and ampersands, all of which
can be in a filename. the problem is when the shell (or a system() call) interprets the character
first.
it isnt strictly required anymore (i dont think). i'll do an audit of the relevant areas and perhaps as
a ./configure directive to not limit the input characters.
more later,
joe
Thomas Wana wrote this message on Fri, Feb 20, 2004
at 19:17 +0100: > Sven Hoexter schrieb:
>
> >On Wed, Feb 18, 2004 at 10:28:55PM +0100, Thomas Wana wrote:
> >
> >
> >>Hi there,
> >>
> >>got this bug in today - seems like a bug in scponly.
> >>Can someone of the developers look into this, please?
> >>
> >>
> >can be fixed but it's always the question if we need "+"
> >in filenames and if it's a good idea to allow them.
> >
> >Take a look at scponly.h and the #define ALLOWABLE
> >
> >
> Well it's a matter of discussion (or taste) wether to include the "+". I
> personally would opt to allow any character that can be in a unix
> filename, for consistency.
>
> The Debian package will allow the '+' from the next package release on,
> and I would be happy if you'd also include it in the official tarball
> (or, even
> better, allow any valid filename character)
>
> Tom
>
> >Sven
> >
> >
>
>
> _______________________________________________
> scponly mailing list
> scponly at lists.ccs.neu.edu
> https://lists.ccs.neu.edu/bin/listinfo/scponly
--
----
PGP KEY: http://www.sublimation.org/contact.html
PGP Key fingerprint = EC4B 0DA5 B4F6 BDDD 9176 55D6 3A6A 7D63 158F 22D2
More information about the scponly
mailing list