Christopher Key wrote:

I've come upon OpenSSH bug 472, whereby scp refuses usernames containing a '#' character, dieing with 'invalid user name'. Both rsync and ssh accept such usernames, and after looking at /usr/src/crypto/openssh/scp.c, it would appear that scp also allows such usernames for the source, but not the destination.

I've several questions:

1) Is there any specific reason why scp behaves like this, and specifically why does it only attempt to validate the destination user name and not the source?

2) Assuming it is safe to drop the username validation, I can quite happily modify the code as appropriate. However, I'm not sure how to rebuild and update with minimum fuss. I really only need to rebuild scp and install the new binary, can I do this easily without a full make buildworld; make installworld?

3) Assuming that there's no additional reason not to remove the username validation, how should I go about submitting a change request to get this modification made in CURRENT, and MFCed as appropriate?

Kind Regards,

Chris Key

I don't know whether any of this is a good idea (there might be a very good reason why it is programmed this way, generally stuff in 'secure' is rather sensitive), but to answer your second question, you would simply do:

# cd /usr/src/secure/usr.bin/scp
# make
# make install

Since OpenSSH comes from OpenBSD, it may be worth trying asking someone over there too.
_______________________________________________ mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to