strip setuid/setgid bits on backup (was Re: small security-related rsync extension)

Robert Weber Robert.Weber at Colorado.EDU
Tue Jul 9 11:32:02 EST 2002


> > This brings up an issue that I believe can be solved in a simpler way than
> > with brute force C code.  I suspect some of you will cringe when you hear
> > this, but a taintperl log parsing program would be best for this.  rsync
> > could generate a verbose log file that is not human readable, designed to
> > be read by a perl postprocessing script.  I think this would allow greater
> > flexibility, and modularize the functionality to avoid some possible
> > security problems.  This way log parsing would not be done at the
> > authentication level of rsync(root) but at some lower level with read
> > access to the log file.  Does this sound like a reasonable solution?
> 
> Perl should be avoided.  Perl is proof that sysadmins don't grok
> language design.
> 

Understood.  However, how about separating the log parsing anyway?  There
are many pre-built log file parsing programs out there.  A verbose and
consistent log format could allow more flexibility.

						Robert Weber
						University of Colorado




