diff --git a/src/gl-auth-command b/src/gl-auth-command
index 61b2f5a..990a604 100755
--- a/src/gl-auth-command
+++ b/src/gl-auth-command
@@ -93,6 +93,10 @@ unless ($ENV{SSH_ORIGINAL_COMMAND}) {
     $ENV{SSH_ORIGINAL_COMMAND} = 'info';
 }
 
+# quick sanity check for newlines; could be used to create fake log entries.
+# Not an access violation but possibly an audit/compliance reporting violation
+die "I don't like newlines in the command: $ENV{SSH_ORIGINAL_COMMAND}\n" if $ENV{SSH_ORIGINAL_COMMAND} =~ /[\n\r]/;
+
 # admin defined commands; please see doc/admin-defined-commands.mkd
 if ($GL_ADC_PATH and -d $GL_ADC_PATH) {
     try_adc();  # if it succeeds, this also 'exec's out