Daemon exclude fix [Re: CVS update: rsyncweb]

Matt McCutchen matt at mattmccutchen.net
Mon Dec 17 01:33:53 GMT 2007

On security.html, Wayne Davison wrote:
> the various --*-dest options (which shouldn't cause you any problems,
> since they only supply extra basis information for the transfer)

I take issue with this claim.  The itemize output leaks information
about whether files with certain names exist in the excluded dir.
Furthermore, a client with a lot of patience can make a hard link to an
excluded file by using --link-dest and --size-only and guessing every
possible size of the file.


More information about the rsync mailing list