https://bugzilla.samba.org/show_bug.cgi?id=12576

--- Comment #6 from Paul Donohue <samba-b...@paulsd.com> ---
This all makes sense, I appreciate the suggestions, and I may actually
implement some of this.

However, the existence of this rrsync solution doesn't change the fact that
there exists another simple and obvious solution using sudo which has a giant
undocumented security hole related to an unusual, undocumented, and not widely
used feature of rsync (popt aliases).

My goal for this bug report is to either get a disclaimer added to the rsync
man page (which documents popt aliases feature, explains the security
implications, and suggests mitigations and/or alternative solutions to avoid
security issues, including this rrsync solution), or to get the attached
trivial patches merged to help mitigate this security issue without requiring
users to wrap complicated scripts around rsync or avoid the use of sudo.

Security is hard enough to get right when everything works in a consistent and
intuitive manner.  Having an unusual, unintuitive, and undocumented feature
with significant undocumented security implications is just asking for trouble.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

-- 
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html

Reply via email to