strip setuid/setgid bits on backup (was Re: small security-related rsync extension)

Mark Eichin eichin at
Mon Jul 8 20:54:01 EST 2002

> never seen a file created with a newline in the filename
> (except, perhaps as a test).  The newline in filename issue

And in security exploits :-)  Given a newline-based format, one *must*
quote or deny newlines in filenames, not assume they're rare.  (No
obvious reason not to use URL-style %-quoting, or mime-style
=-quoting, if you want to preserve ease of filtering...)

More information about the rsync mailing list