https://bugzilla.samba.org/show_bug.cgi?id=6251
way...@samba.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|                            |WONTFIX

------- Comment #4 from way...@samba.org 2009-04-08 11:36 CST -------

If you don't trust your users, you need to set up something better on your part, such as forcing the -s (--protect-args) option on all rsync commands that get run on the client and using a different shell (or forced wrapper script) on the remote hosts that ensures the safety of the command-line.

When doing an ssh transfer, rsync assumes that you know what you're doing. It does not know what shell is on the other side, so asking it to escape chars in an undefined manner is not something that it can do portably (so if we build in Bourne-shell escaping, that could break the use of a more rare shell setup).

I recommend a safety script on the remote hosts to ensure that nothing tricky is going on. Rsync supplies a script named rrsync in the support directory that handles safe globbing of filenames without allowing a shell to interpret special characters (since it completely avoids the spawning of a shell). If you set up the ssh logins to force the command to go to the rrsync Perl script, it can both validate the command-line options and safely handle the file args for you. Rsync also supports daemon mode (including daemon over ssh) for being the most safe and restrictive.

Because making ssh transfers safe takes setup outside of rsync, I am marking this bug request as wontfix.
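
The forced-wrapper idea from the comment above, as an added example (it is not rrsync and not code from the rsync project): a script that validates the command ssh received and then executes rsync directly, so no shell ever parses the arguments. The `ROOT` path, the option pattern, and the choice to reject wildcards and spaces outright instead of globbing them safely are assumptions of this example.

```python
import os
import re
import sys

ROOT = "/srv/backup"  # assumption: the only tree this key may read or write
# Characters a shell would interpret. Wildcards are rejected too (a simplification).
SHELL_META = set(";&|`$<>(){}!\\\"'*?[]~#\n\r\t")
OPTION = re.compile(r"^--?[A-Za-z0-9][A-Za-z0-9.,=_-]*$")


def validate(original_command, root=ROOT):
    """Return an argv list that is safe to exec without a shell, or raise ValueError."""
    if SHELL_META & set(original_command):
        raise ValueError("shell metacharacter in command line")
    argv = original_command.split(" ")
    if "" in argv or argv[:2] != ["rsync", "--server"]:
        raise ValueError("not a well-formed 'rsync --server' invocation")
    # Server-side form: rsync --server [--sender] OPTIONS . PATH [PATH...]
    if "." not in argv[2:]:
        raise ValueError("missing '.' separator before the paths")
    dot = argv.index(".", 2)
    options, paths = argv[2:dot], argv[dot + 1:]
    if not paths:
        raise ValueError("no path argument")
    for opt in options:
        if not OPTION.match(opt):
            raise ValueError("unexpected option: %r" % opt)
    checked = []
    for path in paths:
        # normpath collapses '..' lexically; it does not resolve symlinks.
        full = os.path.normpath(os.path.join(root, path))
        if full != root and not full.startswith(root + "/"):
            raise ValueError("path escapes %s: %r" % (root, path))
        # Keep a trailing slash: rsync treats 'dir/' and 'dir' differently.
        checked.append(full + "/" if path.endswith("/") else full)
    return ["rsync", "--server"] + options + ["."] + checked


if __name__ == "__main__":
    try:
        safe_argv = validate(os.environ.get("SSH_ORIGINAL_COMMAND", ""))
    except ValueError as err:
        sys.exit("rejected: %s" % err)
    os.execvp(safe_argv[0], safe_argv)  # direct exec: no shell parses the arguments
```

Installed as the `command="..."` value for a key in `authorized_keys`, sshd runs the script for every login with that key and passes the command the client requested in `SSH_ORIGINAL_COMMAND`.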