DO NOT REPLY [Bug 6251] New: security: rsync executes remote commands
samba-bugs at samba.org
Tue Apr 7 20:36:28 GMT 2009
https://bugzilla.samba.org/show_bug.cgi?id=6251
Summary: security: rsync executes remote commands
Product: rsync
Version: 3.0.5
Platform: x86
OS/Version: Linux
Status: NEW
Severity: major
Priority: P3
Component: core
AssignedTo: wayned at samba.org
ReportedBy: mueller at relog.ch
QAContact: rsync-qa at samba.org
When a source file name listed on the rsync command line contains | or ; then
whatever comes after is executed as a command on the remote machine.
    rsync somehost:/foobar\;date\>/tmp/date .
(note the backslashes)
will fail and leave behind the file /tmp/date on somehost. This can cause
serious trouble when file names can be picked by untrusted users.
The problem doesn't seem to occur when evil file names occur in a tree being
copied or when given as copy source.
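An added example, not part of the original bug report and not rsync's own code: one way a calling script can guard against the behaviour reported above when file names come from untrusted users. It allowlists the name before building the rsync argument vector and passes --protect-args (-s, available since rsync 3.0.0) so the remote path is not interpreted by the remote shell; the helper names, the allowlist and the /srv/files base directory are assumptions.

```python
import re

# Assumption: untrusted users may only name plain files below one fixed
# remote directory. Anything outside this character set is refused, which
# excludes | ; > < & $ ` quotes, whitespace and backslashes.
_SAFE_NAME = re.compile(r"[A-Za-z0-9._+@%-]+(?:/[A-Za-z0-9._+@%-]+)*")


class UnsafeName(ValueError):
    """Raised when an untrusted file name is not acceptable."""


def remote_source(host, base_dir, name):
    """Return 'host:/base/name' for an untrusted name, or raise UnsafeName."""
    if not _SAFE_NAME.fullmatch(name):
        raise UnsafeName(f"rejected characters in {name!r}")
    for part in name.split("/"):
        # Refuse directory traversal and components that look like options.
        if part in (".", "..") or part.startswith("-"):
            raise UnsafeName(f"rejected path component in {name!r}")
    return f"{host}:{base_dir.rstrip('/')}/{name}"


def build_rsync_argv(host, base_dir, name, dest):
    """Build an argv list (no local shell involved) for subprocess.run()."""
    return [
        "rsync",
        "--protect-args",  # send paths in-protocol, not via the remote shell
        "--",              # end of options: later args are never parsed as flags
        remote_source(host, base_dir, name),
        dest,
    ]


def classify(names, host="somehost", base_dir="/srv/files"):
    """Map each candidate name to True (accepted) or False (refused)."""
    result = {}
    for name in names:
        try:
            remote_source(host, base_dir, name)
            result[name] = True
        except UnsafeName:
            result[name] = False
    return result


if __name__ == "__main__":
    # Constructed sample names; the second is the one from the report.
    samples = ["reports/a.txt", "foobar;date>/tmp/date", "a|b", "../x", "-x"]
    for name, ok in classify(samples).items():
        print("accept" if ok else "refuse", repr(name))
```

Pass the returned list directly to subprocess.run() without shell=True, so the local shell never sees the name either.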