DO NOT REPLY [Bug 6251] security: rsync executes remote commands

2009-04-08 Thread samba-bugs
https://bugzilla.samba.org/show_bug.cgi?id=6251


muel...@relog.ch changed:

   What|Removed |Added

 Status|RESOLVED|REOPENED
 Resolution|INVALID |




--- Comment #3 from muel...@relog.ch  2009-04-08 07:17 CST ---
@Wayne: Yes, it is a security problem. Scenario: The user is in an apache+php
process and needs to copy around arbitrarily named files he just uploaded on a
cluster. The cluster allows password-free login from every host to every other host,
which is perfectly safe as long as any commands executed are chosen by php.

At no point did we give the user permission to execute arbitrary commands! We
just allow him to copy a file named by him; that's a completely different
security level. However, if that name contains certain characters, he can
escalate his privilege using rsync. Imagine he uploads a file named ';rm -rf
..'

All other unix tools handle this case without problems if the file name is
escaped correctly; just rsync (and scp) have a problem. --protect-args does
solve the problem, but not everyone knows about it or remembers to use it. I see no
reason why dangerous characters can't ALWAYS be escaped before passing the args
to the shell for globbing. I'd escape everything but \w * ? [ ] { }


-- 
Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the QA contact for the bug, or are watching the QA contact.
-- 
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html


double-side synchronisation

2009-04-08 Thread Кузьмин Андрей Николаевич
Help me.
Tell me, is it possible to make double-sided synchronisation of two servers?
So that it is based only on time.
For example, with an identical set of files on two servers, if any file on the first
changes, i.e. its modification time changes, it becomes newer and it
is necessary to transfer it to the other server. And conversely, if the
modification time of any file on the second server changes, it is to be transferred to the
first, as it is newer.
Thankful in advance


__

Respectfully, Кузьмин Андрей

System administrator,

Environment Management Department,

Production Center ОТР 2000

e-mail:   kyzmin.and...@otr.ru

icq:252-811-061

skype:   and_kuzmin


Re: double-side synchronisation

2009-04-08 Thread Cyd
Hello,

I think you will have to run two rsync commands: from PC1 to Server1 and
afterwards to Server2. (In case Server1 and Server2 are in different locations.)

If both servers are on a LAN, you could rsync from PC1 to Server1 and do
a sync of Server1 to Server2 after that.

Regards,
CyD



On Wed, Apr 8, 2009 at 2:36 PM, Кузьмин Андрей Николаевич 
kyzmin.and...@otr.ru wrote:

  Help me.

 Tell me, is it possible to make double-sided synchronisation of two servers?

 So that it is based only on time.

 For example, with an identical set of files on two servers, if any file on the
 first changes, i.e. its modification time changes, it becomes
 newer and it is necessary to transfer it to the other server. And
 conversely, if the modification time of any file on the second server changes, it is
 to be transferred to the first, as it is newer.

 Thankful in advance





order transfers by file size

2009-04-08 Thread Victoria Muntean
Is it possible to have rsync order transfers by file size (smallest
files first)?

Would it be a big patch?

Thanks
Viki


Re: double-side synchronisation

2009-04-08 Thread Victoria Muntean
 Tell me, is it possible to make double-sided synchronisation of two servers?

For two-way file sync, try unison [1]. Rsync does one-way synchronization.

Viki

[1] http://www.cis.upenn.edu/~bcpierce/unison/


Re: order transfers by file size

2009-04-08 Thread Yan Seiner

On Wed, April 8, 2009 8:19 am, Victoria Muntean wrote:
 Is it possible to have rsync order transfers by file size (smallest
 files first) ?

Ooooh, I like that.  I have a client that has a bad habit of creating a
5GB zipfile, that, of course, fails to rsync across 3,000 miles.  Since
it's a zip file, rsync can't diff the old and new versions; it ends up
trying to send the whole thing and the connection just isn't reliable
enough.  It would be nice to be able to transfer everything else first.

As long as we're on that topic, a size limit on the file size to be
transferred would be nice.

--Yan


 Would it be a big patch ?

 Thanks
 Viki




-- 
Yan Seiner, PE

Support my bid for the 4J School Board
http://www.seiner.com



Re: itemized option (-ii) with --log-file and --log-file format

2009-04-08 Thread Wayne Davison
On Wed, Apr 08, 2009 at 07:41:12AM +0530, Jignesh Shah wrote:
 No, I also want to log files that are not transferred.

You can use -vv instead of -ii to get a list of up-to-date items, but no
mention of attribute changes (non-transferred files are all up-to-date).
In rsync 3.1.0dev you can get that info without all the rest of the
verbosity items it implies by specifying --info=name2.

If that is not what you want, then you need the %i field so that rsync
can output what has changed (or not changed) for the current item.

..wayne..


Re: order transfers by file size

2009-04-08 Thread Paul Slootman
On Wed 08 Apr 2009, Yan Seiner wrote:
 
 As long as we're on that topic, a size limit on file size to be
 transferred would be nice.

--max-size=SIZE don't transfer any file larger than SIZE


Paul


DO NOT REPLY [Bug 6251] security: rsync executes remote commands

2009-04-08 Thread samba-bugs
https://bugzilla.samba.org/show_bug.cgi?id=6251


way...@samba.org changed:

   What|Removed |Added

 Status|REOPENED|RESOLVED
 Resolution||WONTFIX




--- Comment #4 from way...@samba.org  2009-04-08 11:36 CST ---
If you don't trust your users, you need to set up something better on your part,
such as forcing the -s (--protect-args) option on all rsync commands that get
run on the client and using a different shell (or forced wrapper script) on the
remote hosts that ensures the safety of the command-line.  When doing an ssh
transfer, rsync assumes that you know what you're doing.  It does not know
what shell is on the other side, so asking it to escape chars in an undefined
manner is not something that it can do portably (so if we build in bourne-shell
escaping, that could break the use of a more rare shell setup).

I recommend a safety script on the remote hosts to ensure that nothing tricky
is going on.  Rsync supplies a script named rrsync in the support directory
that handles safe globbing of filenames without allowing a shell to interpret
special characters (since it completely avoids the spawning of a shell).  If
you set up the ssh logins to force the command to go to the rrsync perl script,
it can both validate the command-line options and safely handle the file args
for you.

Rsync also supports daemon mode (including daemon over ssh) for being the most
safe and restrictive.

Because making ssh transfers safe takes setup outside of rsync, I am marking
this bug request as wontfix.


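One way to build the kind of forced-command "safety script" Wayne recommends in comment #4 above, as an added POSIX sh example that is neither rsync's own rrsync script nor code from the bug report. It assumes sshd's authorized_keys command= option (which places the client's requested command in SSH_ORIGINAL_COMMAND), that the rsync server side always starts with `rsync --server` and ends with the path argument, and an allowed directory given without a trailing slash; names containing spaces or glob characters are refused rather than handled, which is one more reason to also force -s (--protect-args) on the client.

```shell
#!/bin/sh
# Hypothetical forced-command guard for an rsync-over-ssh target (added example,
# not rsync's own rrsync). Installed in authorized_keys as
#   command="/usr/local/bin/rsync-guard /srv/uploads",no-pty,no-port-forwarding ssh-rsa AAAA...
# sshd puts whatever the client asked to run into SSH_ORIGINAL_COMMAND; the guard
# validates it and execs it directly, so no shell ever parses the file name.

# check_rsync_cmd CMD ALLOWED_DIR: returns 0 only if CMD is an rsync server
# invocation confined to ALLOWED_DIR (given without trailing slash), else 1.
check_rsync_cmd() {
    cmd=$1
    dir=$2
    # Only rsync's server side may be started; anything else ("sh -c ...") is refused.
    case "$cmd" in
        "rsync --server"*) ;;
        *) return 1 ;;
    esac
    # Allowlist the characters a normal rsync server command line needs. A ';', '$',
    # backtick, quote, paren or redirection anywhere in the name is rejected outright
    # instead of escaped. Spaces are stripped first because they separate the words.
    nospace=$(printf '%s' "$cmd" | tr -d ' ')
    case "$nospace" in
        *[!A-Za-z0-9_.,:+@%=/-]*) return 1 ;;
    esac
    # The path is the last word; it must sit under ALLOWED_DIR and contain no '..'.
    path=${cmd##* }
    case "$path" in
        "$dir"|"$dir"/*) ;;
        *) return 1 ;;
    esac
    case "$path" in
        ..|*/..|*../*) return 1 ;;
    esac
    return 0
}

# Act as the forced command only when sshd handed us a client command; otherwise
# the file can be sourced so check_rsync_cmd can be exercised on its own.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    allowed=${1:?usage: rsync-guard ALLOWED_DIR}
    if check_rsync_cmd "$SSH_ORIGINAL_COMMAND" "$allowed"; then
        set -f   # split into words without globbing; no shell re-parses the line
        # shellcheck disable=SC2086
        exec $SSH_ORIGINAL_COMMAND
    fi
    echo "rsync-guard: refused: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```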


Re: Rsync Runs Out of Space Because of Temp File

2009-04-08 Thread Paul Slootman
On Wed 08 Apr 2009, philvh wrote:
 
 I have 2 mounted drives.  Each has 60 GB.  On each drive, there is a 50 GB
 file (it's a virtual machine) and nothing else.
 
 When I sync one with the other, there should not be a problem, because there
 are 10 GB left, and also, shouldn't it re-use the space of the destination
 file?
 
 I found that it creates a 10 GB temporary file in the destination folder.
 It looks like it doesn't write to the destination file, but rather creates
 a temporary file first (like a diff or something).  I really don't know the
 inner workings of it.  However, I would assume it is just updating the
 destination, and there should be plenty of space for that.

By default rsync makes an updated copy of the file, possibly using data
from the existing version to speed up the transfer (actually, to
minimize network traffic). The data it needs may be at a position
further towards the end of the file than it currently resides (e.g. the
beginning of the file was deleted, leaving the last part). If it simply
overwrites the existing file, that optimization would then not be
possible.

You can force the updating in-place of the file by using the --inplace
option...  It's all there in the manpage.


Paul Slootman


Re: Rsync Runs Out of Space Because of Temp File

2009-04-08 Thread philvh


Thanks Paul for helping.  I wonder if this method would help with what you
described:

1) Create a diff before the update, so an in-place update is always the case.
2) The diff does not have data, but rather information about where in the
destination the updates are needed.

There are still problems to work out, for example where data in the
destination are moved, and those data need to be moved first before the
transfer of data takes place.  This will ensure that data is not lost and
only the same space as the source is needed. This is probably the same as
defragmenting a drive with limited extra space.


Paul Slootman-5 wrote:
 
 
 By default rsync makes an updated copy of the file, possibly using data
 from the existing version to speed up the transfer (actually, to
 minimize network traffic). The data it needs may be at a position
 further towards the end of the file than it currently resides (e.g. the
 beginning of the file was deleted, leaving the last part). If it simply
 overwrites the existing file, that optimization would then not be
 possible.
 
 You can force the updating in-place of the file by using the --inplace
 option...  It's all there in the manpage.
 
 Paul Slootman
 
