DO NOT REPLY [Bug 6251] New: security: rsync executes remote commands

samba-bugs at samba-bugs at
Tue Apr 7 20:36:28 GMT 2009

           Summary: security: rsync executes remote commands
           Product: rsync
           Version: 3.0.5
          Platform: x86
        OS/Version: Linux
            Status: NEW
          Severity: major
          Priority: P3
         Component: core
        AssignedTo: wayned at
        ReportedBy: mueller at
         QAContact: rsync-qa at

When a source file name listed on the rsync command line contains | or ; then
whatever comes after is executed as a command on the remote machine.

rsync somehost:/foobar\;date\>/tmp/date .

(note the backslashes)

will fail and leave behind the file /tmp/date on somehost. This can cause
serious trouble when file names can be picked by untrusted users.

The problem doesn't seem to occur when evil file names occur in a tree being
copied or when given as copy source.
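
Added example, not part of the original report and not rsync project code: one way a calling program can guard the case described above, where the remote file name comes from an untrusted user. The function names, the metacharacter deny-list and the absolute-path rule are assumptions of this sketch; --protect-args (-s) is the rsync option, available since 3.0.0, that sends file names to the remote rsync without letting the remote shell interpret them.

```python
import re

# Constructed deny-list: characters a POSIX shell on the remote side interprets.
SHELL_META = re.compile(r"""[;|&<>`$(){}\[\]*?!~'"\\\s]""")
# Conservative host name pattern (assumption: no user@ prefix, no IPv6 literal).
HOSTNAME = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]{0,252}[A-Za-z0-9])?$")


def shell_metachars(name):
    """Return the sorted, de-duplicated shell-significant characters in name."""
    return sorted(set(SHELL_META.findall(name)))


def build_rsync_argv(host, remote_path, dest, allow_special=False):
    """Build an argv list for fetching one remote file named by an untrusted user.

    The list is meant for subprocess.run(argv) without shell=True, so the
    local shell never sees the name either.
    """
    if not HOSTNAME.match(host):
        raise ValueError("invalid host: %r" % host)
    if not remote_path.startswith("/"):
        # Example policy: absolute paths only, which also rules out a leading "-".
        raise ValueError("remote path must be absolute")
    bad = shell_metachars(remote_path)
    if bad and not allow_special:
        raise ValueError("shell metacharacters in remote path: " + " ".join(bad))
    # --protect-args keeps the remote shell from interpreting the file name;
    # "--" ends option parsing before the untrusted argument.
    return ["rsync", "--protect-args", "--", "%s:%s" % (host, remote_path), dest]


if __name__ == "__main__":
    # The name from the report, as rsync receives it once the local shell
    # has removed the backslashes.
    reported = "/foobar;date>/tmp/date"
    print("metacharacters found:", shell_metachars(reported))
    try:
        build_rsync_argv("somehost", reported, ".")
    except ValueError as exc:
        print("rejected:", exc)
    # Constructed benign path for comparison.
    print(build_rsync_argv("somehost", "/srv/data/report.txt", "."))
```

With allow_special=True the name is passed through unchanged and the protection rests on --protect-args alone, which suits trees that legitimately contain such names.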
