Hashes in scp usernames (OpenSSH bug 472)
Manolis Kiagias
sonic2000gr at gmail.com
Sun Nov 9 14:09:59 PST 2008
Christopher Key wrote:
> Hello,
>
> I've come upon OpenSSH bug 472, whereby scp refuses usernames
> containing a '#' character, dying with 'invalid user name'. Both
> rsync and ssh accept such usernames, and after looking at
> /usr/src/crypto/openssh/scp.c, it would appear that scp also allows
> such usernames for the source, but not the destination.
>
> I've several questions:
>
> 1) Is there any specific reason why scp behaves like this, and
> specifically why does it only attempt to validate the destination user
> name and not the source?
>
> 2) Assuming it is safe to drop the username validation, I can quite
> happily modify the code as appropriate. However, I'm not sure how to
> rebuild and update with minimum fuss. I really only need to rebuild
> scp and install the new binary, can I do this easily without a full
> make buildworld; make installworld?
>
> 3) Assuming that there's no additional reason not to remove the
> username validation, how should I go about submitting a change request
> to get this modification made in CURRENT, and MFCed as appropriate?
>
> Kind Regards,
>
> Chris Key
>
>
I don't know whether any of this is a good idea (there might be a very
good reason why it is programmed this way, generally stuff in 'secure'
is rather sensitive), but to answer your second question, you would
simply do:

# cd /usr/src/secure/usr.bin/scp
# make
# make install

Since OpenSSH comes from OpenBSD, it may be worth trying to ask someone
over there too.