--server combined with -e option

Kaleb Pederson kaleb.pederson at gmail.com
Fri Mar 7 04:46:03 GMT 2008


In the past, I had restricted rsync so that the -e option was disallowed. As 
of rsync-3.0.0, I'm now seeing the following requests being made (on the 
server side):

rsync --server -vlogDtprze.iL .

I want to prevent '-e' as a client side option so arbitrary programs can't be 
executed.

I found the following, but didn't trace through to verify exactly where I was 
in the code base:

--- options.c ---
1785     /* We make use of the -e option to let the server know about any
1786      * pre-release protocol version && some behavior flags. */
1787     argstr[x++] = 'e';
1788 #if SUBPROTOCOL_VERSION != 0
1789     if (protocol_version == PROTOCOL_VERSION) {
1790         x += snprintf(argstr+x, sizeof argstr - x,
1791                   "%d.%d", PROTOCOL_VERSION, SUBPROTOCOL_VERSION);
1792     } else
1793 #endif
1794         argstr[x++] = '.';
1795     set_allow_inc_recurse();
1796     if (allow_inc_recurse)
1797         argstr[x++] = 'i';
1798 #if defined HAVE_LUTIMES && defined HAVE_UTIMES
1799     argstr[x++] = 'L';
1800 #endif
1801     argstr[x] = '\0';

The above "e.iL" definitely matches, so I know I'm close.

Is it safe to allow 'e' if '--server' is also present?

Suggestions?

Thanks.

--Kaleb


More information about the rsync mailing list