security of the validate-rsync script

Yanek Martinson yanekmartinson at gmail.com
Mon Apr 28 15:08:55 MDT 2014


Greetings,

I have found several security issues in an rsync set-up that results from
an inexperienced sysadmin following precisely what is meant to only be an
example, in the "Using Rsync and SSH" tutorial (http://troy.jdmz.net/rsync/),
as linked from the http://rsync.samba.org/documentation.html page.

Consider incorporating the following suggestions to improve security:

1- the validate-rsync script should reject not only the < but also the >
character, otherwise any file can be overwritten.

2- the validate-rsync command itself should not be owned nor writeable by
the userid that executes the rsync command. Otherwise, rsync can be used
to overwrite the validation script with another script that doesn't
validate, or even execute arbitrary commands.

3- similarly, the authorized-keys file should not be owned or writeable by
the rsync user, otherwise rsync can be used to overwrite that file, with
one that removes the requirement to run validate-rsync, or with one that
runs some other command instead.

Regards,

Yanek Martinson
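
The three suggestions above, sketched as an added example that is not part of the original post and is not the tutorial's script. The function names, the account name and the paths are hypothetical, and the parent-directory ownership check goes one step beyond what the post lists.

```shell
#!/bin/sh
# Added example, not the tutorial's validate-rsync script. Function names,
# the account name and the paths in the usage lines are hypothetical.

# Item 1: allow only an rsync server invocation and reject shell
# metacharacters, including BOTH redirection characters '<' and '>'.
is_allowed_command() {
    case "$1" in
        *'&'*|*'('*|*'{'*|*';'*|*'<'*|*'>'*|*'`'*|*'|'*|*'$'*) return 1 ;;
        'rsync --server '*) return 0 ;;
        *) return 1 ;;
    esac
}

# Items 2 and 3: report whether file $2 can be modified by account $1.
# Returns 0 when nothing is found, 1 when at least one finding is printed.
check_not_controlled_by() {
    user=$1 file=$2 rc=0
    id "$user" >/dev/null 2>&1 || { echo "FAIL: no such account: $user"; return 1; }
    [ -e "$file" ] || { echo "FAIL: $file does not exist"; return 1; }
    if [ -n "$(find "$file" -prune -user "$user" 2>/dev/null)" ]; then
        echo "FAIL: $file is owned by $user"; rc=1
    fi
    # Group- or world-writable is treated as writable by $user
    # (conservative: group membership is not resolved here).
    if [ -n "$(find "$file" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
        echo "FAIL: $file is group- or world-writable"; rc=1
    fi
    # Beyond the post: whoever owns the directory can replace the file.
    if [ -n "$(find "$(dirname "$file")" -prune -user "$user" 2>/dev/null)" ]; then
        echo "FAIL: directory of $file is owned by $user"; rc=1
    fi
    return $rc
}

# Usage (account name and paths are placeholders):
#   is_allowed_command "$SSH_ORIGINAL_COMMAND" || { echo Rejected; exit 1; }
#   check_not_controlled_by rsyncuser /path/to/validate-rsync
#   check_not_controlled_by rsyncuser /path/to/authorized_keys
```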