On Tue, Jan 14, 2003 at 07:02:58PM -0800, jw schultz wrote: > Up till now rsync hasn't touched anything outside of the paths > specified on the command-line. Changing that would mean access to > rsync via ssh would no longer be restricted, just disabled.
Are you saying that some people have special ssh scripts that check and/or tweak the file names on the command-line to ensure they fall with certain bounds when running rsync commands? I.e., if someone ran this command: rsync -av -e ssh "source:dir /foo/two /bar/three" /tmp the remote ssh setup would handle the presence of the extra "/foo/two", "/bar/three" args? If so, I hadn't realized that people were limiting ssh access by more than the traditional user/group/permissions access. > Sanitizing the paths to force them to be relative on pulls > but not pushes would be too asymetrical for my liking. I agree that if we find that we want to sanitize the paths in some cases that we should just make it the default for files-from -- i.e. make it where nothing can get beyond the root dir specified on the command-line. > I'd rather just disallow or sanitize absolute paths. Note that it's more pervasive than just absolute paths, since someone can use args like "../../../etc/password" or "good_dir/../../bad_dir" (all of which the sanitize_path() call handles). ..wayne.. -- To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.tuxedo.org/~esr/faqs/smart-questions.html