strip setuid/setgid bits on backup (was Re: small security-related rsync extension)
Robert.Weber at Colorado.EDU
Tue Jul 9 11:32:02 EST 2002
> > This brings up an issue that I believe can be solved in a simpler way than
> > with brute force C code. I suspect some of you will cringe when you hear
> > this, but a taintperl log parsing program would be best for this. rsync
> > could generate a verbose log file that is not human readable, designed to
> > be read by a perl postprocessing script. I think this would allow greater
> > flexibility, and modularize the functionality to avoid some possible
> > security problems. This way log parsing would not be done at the
> > authentication level of rsync(root) but at some lower level with read
> > access to the log file. Does this sound like a reasonable solution?
> Perl should be avoided. Perl is proof that sysadmins don't grok
> language design.
Understood. However, how about separating the log parsing anyway? There
are many pre-built log file parsing programs out there. A verbose, and
consistant log format could allow more flexibility.
University of Colorado
More information about the rsync