Invalid user name: function okname() in scp.c
Reza Hedayat
reza.hedayat at adnovum.ch
Wed Mar 7 20:34:30 EST 2012
Hi Ángel
Thanks a lot for your quick answer.
You're right, this use case is very rare, but unfortunately there exist
some cases. :(
Cheers
Reza
On 03/06/12 19:40, Ángel González wrote:
> On 06/03/12 18:57, Reza Hedayat wrote:
>> Hi OpenSSH developers
>>
>> In the source file *scp.c* there is a function called *okname(char
>> *cp0)* that validates the entered username by using the scp command as
>> follows:
>>
>> ( Fragment scp.c skipped)
>>
>> Thereby, usernames that contain the hash sign (#) are rejected. Is
>> there a good reason why this logic was introduced?
>> If there is no reason, so is it possible to remove the mentioned
>> case-statement?
>>
>> I thank you in advance for your help and remain with best wishes
>> Reza Hedayat
> It's trying to avoiod shell special characters (quotes, backticks,
> spaces...). The # introduces a comment in the shell (would need
> escaping), so that's surely the reason it's forbidden.
> You could replace it if you were sure the username is never used unquoted.
> Having a # in the user name is very rare, though.
More information about the openssh-unix-dev
mailing list