bdrung / restricted-ssh-commands

Restrict SSH users to a predefined set of commands
MIT License

Suggested configuration is not secure #4

Closed randomstuff closed 7 years ago

randomstuff commented 7 years ago

The suggested configuration is not secure:

^scp -p( -d)? -t( --)? /srv/reprepro/incoming(/[^ /]*)?$
^chmod 0644 /srv/reprepro/incoming/[^ /]*$
^reprepro ( -V)? -b /srv/reprepro processincoming foobar$

The first and second regex can be abused to execute arbitrary commands:

SSH_ORIGINAL_COMMAND='scp -p -t /srv/reprepro/incoming/&echo    owned' /usr/lib/restricted-ssh-commands test.conf

where a TAB is used instead of spaces between echo and owned.

/ is blacklisted but a rm -rf / can be executed using $(printf "\x2f") for example.

The documentation should probably warn about the dangers of accepting TAB CR LF $ "" '' `` & ; and so on in the regex.

carnil commented 7 years ago

Bug report in Debian: https://bugs.debian.org/876392

bdrung commented 7 years ago

Thanks for reporting the bug.

bdrung commented 7 years ago

Can you review the man page changes in commit 4f7e1b8? I will prepare a new release if you are happy with the docs.

randomstuff commented 7 years ago

I think including . in the pattern allows you to use /srv/reprepro/incoming/.. ;) and escape into /srv/reprepro/. Apart from that it looks good.
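Added example, not code from restricted-ssh-commands or from anyone in this thread: it contrasts the rules quoted in the first comment with a stricter variant that rejects the metacharacters and the `..` component raised above, and it executes a matched command as an argv list instead of through a shell. The allowed file-name character set is an assumption.

```python
import os
import re
import shlex
import subprocess
import sys

# Rules as suggested in the configuration quoted in the issue. "[^ /]*" only
# excludes space and slash, so TAB, '&', '$', '`', ';' and ".." all slip through.
WEAK_RULES = [
    r"^scp -p( -d)? -t( --)? /srv/reprepro/incoming(/[^ /]*)?$",
    r"^chmod 0644 /srv/reprepro/incoming/[^ /]*$",
    r"^reprepro ( -V)? -b /srv/reprepro processincoming foobar$",
]

# Stricter file-name component (assumption: incoming files only need these
# characters). A positive class rejects every metacharacter and all whitespace;
# the negative look-ahead refuses a component that is exactly "." or "..".
FILENAME = r"(?!\.\.?(?:/|$))[A-Za-z0-9._+~-]+"
STRICT_RULES = [
    rf"^scp -p( -d)? -t( --)? /srv/reprepro/incoming(/{FILENAME})?$",
    rf"^chmod 0644 /srv/reprepro/incoming/{FILENAME}$",
    WEAK_RULES[2],  # no free-form component, so it is kept as is
]

def is_allowed(command: str, rules) -> bool:
    """True if the whole command matches one allow-list regex.
    re.fullmatch is used because '$' alone would still accept a trailing newline."""
    return any(re.fullmatch(rule, command) for rule in rules)

def build_argv(command: str) -> list:
    """Check the command against STRICT_RULES and split it into an argv list.
    Running argv directly (no shell) means no metacharacter is ever re-parsed."""
    if not is_allowed(command, STRICT_RULES):
        raise PermissionError("command not in allow-list: %r" % command)
    return shlex.split(command)

def main() -> int:
    # Like the tool, a forced-command wrapper receives the client's request
    # via SSH_ORIGINAL_COMMAND.
    try:
        argv = build_argv(os.environ.get("SSH_ORIGINAL_COMMAND", ""))
    except PermissionError as err:
        print(err, file=sys.stderr)
        return 1
    return subprocess.call(argv)

if __name__ == "__main__":
    sys.exit(main())
```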