Do we need excluded_below?
Matt McCutchen
matt at mattmccutchen.net
Mon Mar 10 00:24:53 GMT 2008
It strikes me that the excluded_below mechanism at the beginning of
recv_generator is useless from a security perspective. When a client
pushes a daemon-excluded directory, the excluded_below mechanism causes
the pushed contents of the directory to be skipped as well as the
directory itself. However, the client can just as easily push
descendant files individually. If the daemon administrator wants to
stop that, she has to use a "/secret/***"-style rule (as the man page
has recommended since rsync 2.6.4), and then excluded_below serves no
purpose.
I propose removing excluded_below. This would only make daemons that
are already insecure more glaringly so, and it would have the benefits
of simplifying the code and making any weaknesses in the daemon-exclude
checking more likely to be discovered.
Matt
More information about the rsync
mailing list