Why is -e sent to the remote rsync side?
Wayne Davison
wayned at samba.org
Sun Oct 5 15:15:02 GMT 2008
On Sun, Oct 05, 2008 at 06:47:47AM +0200, Shachar Shemesh wrote:
> Rssh, however, prevent the passing of the "-e" option to rsync, as it
> claims (with some amount of justification) that this option allows
> someone to cause rsync to run any command at all, escaping the
> limitations imposed by rssh.
As has been mentioned on the list before, this is not the right check.
A restricted shell should instead check that "--server" was specified
(and it is fine to check that it is the first option on the line too),
at which point checking for -e is immaterial (since it never runs
anything on the server side).
The use of -e conveys some flags in a way that is compatible with older
versions (which used to ignore -e when combined with --server) and does
not slow down the start of a transfer (which would otherwise need to
wait for the initial protocol exchange before deciding if they could
send sub-flags, thus slowing down the handshake by at least a round-
trip).
..wayne..
More information about the rsync
mailing list