When running in daemon mode with a module rooted at "/", it is not possible to "escape" the module. Not by prefixing a link target with "../../../../../../..". Not by prefixing a link target with "/" nor "////". So it seems to me that path sanitization is not useful in this case.

And it breaks stuff. In particular, I have a file distribution system where large numbers of authenticated users can use rsync in daemon mode as a forced SSH command, authenticating as themselves, and path sanitization damages links like "../../../../../../../etc/localtime" in user directories - which may be dubious in purpose, but which are harmless. And I am not the arbiter of my users' data in this sense.

Turning on symlink munging of course damages these data even more - I would prefer to not have it damaged at all.

Trivial fix attached.

Thor
Attachment: clientserver.diff
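The path-resolution argument in the message above, as an added example that is not part of the original post or of rsync's code: a lexical check of whether a symlink target resolves outside a daemon module's root. The function names and the `/srv/dist` and `/home/alice` paths are constructed for illustration, and the check assumes no intermediate symlinks on the resolved path.

```python
import posixpath


def resolve_link(link_path, target):
    """Lexically resolve a symlink target as seen from the host filesystem.

    link_path: absolute path of the symlink itself.
    target:    the link's stored target string.
    Assumption: no other symlinks are traversed on the way (purely lexical).
    """
    if target.startswith("/"):
        resolved = target  # absolute target: the link's location is irrelevant
    else:
        resolved = posixpath.join(posixpath.dirname(link_path), target)
    resolved = posixpath.normpath(resolved)
    # normpath drops ".." components above "/" but keeps a leading "//",
    # so collapse any run of leading slashes to a single one.
    return "/" + resolved.lstrip("/")


def escapes_module(module_root, link_path, target):
    """Return True if the target resolves outside module_root."""
    root = posixpath.normpath(module_root)
    resolved = resolve_link(link_path, target)
    if root == "/":
        return False  # every absolute path is inside "/"
    return not (resolved == root or resolved.startswith(root + "/"))


if __name__ == "__main__":
    # Constructed cases: (module root, symlink location, stored target)
    cases = [
        ("/", "/home/alice/tz", "../../../../../../../etc/localtime"),
        ("/", "/home/alice/tz", "////etc/localtime"),
        ("/srv/dist", "/srv/dist/alice/tz", "../../../../../../../etc/localtime"),
        ("/srv/dist", "/srv/dist/alice/shared", "../bob/file"),
    ]
    for root, link, target in cases:
        print(f"{root:10} {target:40} -> {resolve_link(link, target):20} "
              f"escapes={escapes_module(root, link, target)}")
```

With the module rooted at "/", both prefix styles resolve to a path inside the module; the same relative target under a narrower root such as `/srv/dist` lands outside it.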