strip setuid/setgid bits on backup (was Re: small security-related rsync extension)
Mark Eichin
eichin at thok.org
Mon Jul 8 20:54:01 EST 2002
> never seen a file created with a newline in the filename
> (except, perhaps as a test). The newline in filename issue
And in security exploits :-) Given a newline-based format, one *must*
quote or deny newlines in filenames, not assume they're rare. (No
obvious reason not to use URL-style %-quoting, or mime-style
=-quoting, if you want to preserve ease of filtering...)
More information about the rsync
mailing list