strip setuid/setgid bits on backup (was Re: small security-related rsync extension)

Dan Stromberg strombrg at nis.acs.uci.edu
Thu Jul 11 15:17:02 EST 2002


On Tue, Jul 09, 2002 at 05:05:31PM -0600, tim.conway at philips.com wrote:
> I vote for the consistent, complete log format as a solution to this sort 
> of thing, and those who need to take non-rsync related actions based on 
> what rsync did can write their own applications to do so.
> 
> People keep coming up with some particular thing they need done for their 
> own application, and want rsync to do that too.  rsync is a tool to make 
> one thing exactly like another.  It is not an archiver (keep files 

Then rsync is failing in that goal when it creates ~ files.  I'm just
trying to keep the ~ files from being a liability to anyone with any
security awareness (and those who aren't aware as well).

Maybe you guys all live behind firewalls with employees you can fire if
there's a local root, but we have servers with thousands of students and
very limited firewalling.  We simply must pay attention to this stuff,
and frankly even if you think you're protected, you still should take
some steps to ensure security.

> "Yeah, our new model car uses gas exponentially with the distance 
> traveled, and has to warm up for 1.5 times as long as the trip will take, 
> but before we work on that, we want to add the dumptruck, palmpilot, and 
> grapefruit spoon features."

I want to remove the misfeature that throws broken glass in front of
your own wheels.  Is that so bad?

-- 
Dan Stromberg                                               UCI/NACS/DCS
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://lists.samba.org/archive/rsync/attachments/20020711/2aaa420a/attachment.bin


More information about the rsync mailing list