strip setuid/setgid bits on backup (was Re: small security-related rsync extension)
aho-sw-rsync at 03s.net
Mon Jul 8 02:38:02 EST 2002
On Mon, Jul 08, 2002 at 05:56:57PM +1000, Martin Pool wrote:
> Any thoughts on whether this should go in? I can see arguments either
> way. It seems like we ought to think about whether it would be better
> to do it as part of a generalized --chmod or --chmod-backup facility.
I'm inclined to push for more flexibility with:
Runs <exec_pathname> on the receiver just before rsync exits.
<exec_pathname> is passed a list of fully-qualified pathnames on
stdin (one per line) that have been created, modified or deleted by
this rsync instance.
Dan's patch would therefore be reduced to the single script:
xargs chmod u-s
This would also allow rsync users to post-process modified files in
whatever way they wish.
More information about the rsync