specifying a list of files to transfer
Wayne Davison
wayned at users.sourceforge.net
Wed Jan 15 03:40:01 EST 2003
On Tue, Jan 14, 2003 at 07:02:58PM -0800, jw schultz wrote:
> Up till now rsync hasn't touched anything outside of the paths
> specified on the command-line. Changing that would mean access to
> rsync via ssh would no longer be restricted, just disabled.
Are you saying that some people have special ssh scripts that check
and/or tweak the file names on the command-line to ensure they fall with
certain bounds when running rsync commands? I.e., if someone ran this
command:
rsync -av -e ssh "source:dir /foo/two /bar/three" /tmp
the remote ssh setup would handle the presence of the extra "/foo/two",
"/bar/three" args? If so, I hadn't realized that people were limiting
ssh access by more than the traditional user/group/permissions access.
> Sanitizing the paths to force them to be relative on pulls
> but not pushes would be too asymetrical for my liking.
I agree that if we find that we want to sanitize the paths in some cases
that we should just make it the default for files-from -- i.e. make it
where nothing can get beyond the root dir specified on the command-line.
> I'd rather just disallow or sanitize absolute paths.
Note that it's more pervasive than just absolute paths, since someone
can use args like "../../../etc/password" or "good_dir/../../bad_dir"
(all of which the sanitize_path() call handles).
..wayne..
More information about the rsync
mailing list