--relative simplification
Matt McCutchen
matt at mattmccutchen.net
Sun Nov 4 17:56:57 GMT 2007
I observed the following about --relative:
1. From the user's perspective, its only effect is to change the suffix
of a source argument path that is included in file-list paths. The
suffix starts after the first ./ with --relative or the last / without
it; if the marker is not present, the entire source argument path is
used.
2. An evil client might push a file list containing multicomponent
top-level paths to a daemon without passing --relative. If running
non-(--relative) code on such paths has security implications for the
daemon, the daemon needs to validate that the file list is free of them
if --relative is not passed.
In light of these observations, I propose that rsync check --relative
only in the interpretation of source arguments and everywhere else use
the code that handles the general case of --relative whether or not it
was passed. This way, separate code for the special case of
non-(--relative) does not have to be maintained, and inconsistencies in
behavior with and without --relative will be less likely. A client
sender should still pass --relative on to the server in case the server
is old and needs it to behave correctly.
Matt
More information about the rsync
mailing list