Restricting rsync over ssh
Dmitry V. Levin
ldv at altlinux.org
Tue Dec 28 16:43:26 GMT 2004
On Tue, Dec 28, 2004 at 05:24:27PM +0100, Bob wrote:
> I would like to avoid using chroot because it implies my dummy-shell
> must run in suid root. Furthermore, it forces to create a jail with the
> binaries and libraries inside. I was thinking to this solution to avoid
> doing this.
Is there any reason to avoid this jail solution?
> Do you think there are some security issues using realpath
> instead of chroot ?
Yes, realpath introduces time-of-check-time-of-use race condition:
during the check your canonical path is fine, then user changes some
symlinks (using shell or via rsync) and gets out of his home directory.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/rsync/attachments/20041228/5eee9d61/attachment.bin
More information about the rsync