https://bugzilla.samba.org/show_bug.cgi?id=6251
------- Comment #2 from [email protected] 2009-04-07 19:22 CST ------- I think Urban is talking about a script that runs an rsync-over-ssh client on behalf of an untrusted caller, in which case the ability to run arbitrary remote commands would be a vulnerability in the script. Urban, to prevent the command execution, you can add --protect-args to the script. Then rsync won't pass the filenames through the remote shell, but the remote rsync will expand globs itself. If you don't even want globbing, use --files-from and perhaps --from0. I don't think a change to rsync is needed. -- Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug, or are watching the QA contact. -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
