strip setuid/setgid bits on backup (was Re: small security-related rsync extension)

[Mark Eichin]

> never seen a file created with a newline in the filename
> (except, perhaps as a test).  The newline in filename issue

And in security exploits :-)  Given a newline-based format, one *must*
quote or deny newlines in filenames, not assume they're rare.  (No
obvious reason not to use URL-style %-quoting, or mime-style
=-quoting, if you want to preserve ease of filtering...)