[scponly] Question regarding security issues

Michael Schachtebeck michael.schachtebeck at stud.uni-goettingen.de
Wed Apr 27 13:22:44 EDT 2005


Hi,

I tried to use scponly for a backup server using duplicity
(http://www.nongnu.org/rdiff-backup/duplicity.html). When it failed with
the error

"invalid characters in scp command!",

I began to look through the source code of scponly and found where the
problem is: in scponly.h, ALLOWABLE is defined, and the + character is
not one of the characters allowed. Duplicity stores the backup in files
containing a time stamp in the w3 datetime format in their name (see
http://www.nongnu.org/duplicity/duplicity.1.html#sect5) using the +
character. After adding the + character to ALLOWABLE and recompiling
scponly, duplicity worked fine.

So my question is: Is there a security reason for which the + character
is per default not included in ALLOWABLE?

Michael.
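
Added example, not part of the original post and not scponly's own code: a character allowlist check of the kind described above, written so that a rejection names the offending byte instead of only reporting invalid characters. EXAMPLE_ALLOWABLE, SAMPLE_CMD, first_disallowed and check_command are constructed for illustration; the real ALLOWABLE value from scponly.h is not reproduced here.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed allowlist for illustration; NOT the ALLOWABLE value from scponly.h. */
#define EXAMPLE_ALLOWABLE \
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 ./-_:"

/* Constructed command line with a W3 datetime style timestamp and a '+' offset. */
static const char SAMPLE_CMD[] = "scp -t backup/file.2005-04-27T13:22:44+02:00.tar";

/* Index of the first byte of cmd not in allowed, or -1 if every byte is allowed. */
long first_disallowed(const char *cmd, const char *allowed)
{
    size_t ok = strspn(cmd, allowed);
    return cmd[ok] == '\0' ? -1L : (long)ok;
}

/* Returns 1 if cmd passes; otherwise 0, with msg naming the rejected byte. */
int check_command(const char *cmd, const char *allowed, char *msg, size_t len)
{
    long pos = first_disallowed(cmd, allowed);
    if (pos < 0) {
        snprintf(msg, len, "ok");
        return 1;
    }
    unsigned char c = (unsigned char)cmd[pos];
    snprintf(msg, len, "invalid byte 0x%02x ('%c') at offset %ld",
             (unsigned)c, isprint(c) ? c : '?', pos);
    return 0;
}

int main(void)
{
    char msg[96];
    /* '+' is outside the constructed set, so the sample command is rejected. */
    check_command(SAMPLE_CMD, EXAMPLE_ALLOWABLE, msg, sizeof msg);
    printf("default set: %s\n", msg);
    /* Adding only '+' accepts it; a separator such as ';' is still rejected. */
    check_command(SAMPLE_CMD, EXAMPLE_ALLOWABLE "+", msg, sizeof msg);
    printf("with '+':    %s\n", msg);
    check_command("scp -t a;b", EXAMPLE_ALLOWABLE "+", msg, sizeof msg);
    printf("with '+':    %s\n", msg);
    return 0;
}
```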


