rsync 2.6.1 released (including security note)
Paul Slootman
paul at debian.org
Sun May 2 11:15:57 GMT 2004
On Sat 01 May 2004, Albert Chin wrote:
>
> Anyone ever come up with a patch for the chroot fix against 2.5?
The patch below should do it. Note that line numbers may be off.
Paul Slootman
--- rsync-2.5.5-orig/options.c 2002-03-19 21:16:42.000000000 +0100
+++ rsync-2.5.5/options.c 2004-04-28 17:18:49.000000000 +0200
@@ -21,6 +21,8 @@
#include "rsync.h"
#include "popt.h"
+extern int sanitize_paths;
+
int make_backups = 0;
/**
@@ -767,6 +769,15 @@
if (opt_ignore_existing && am_sender)
args[ac++] = "--ignore-existing";
+ if (sanitize_paths) {
+ if (tmpdir)
+ sanitize_path(tmpdir, NULL);
+ if (compare_dest)
+ sanitize_path(compare_dest, NULL);
+ if (backup_dir)
+ sanitize_path(backup_dir, NULL);
+ }
+
if (tmpdir) {
args[ac++] = "--temp-dir";
args[ac++] = tmpdir;
More information about the rsync
mailing list