DO NOT REPLY [Bug 6251] security: rsync executes remote commands

samba-bugs at samba-bugs at
Tue Apr 7 22:11:28 GMT 2009

wayned at changed:

           What    |Removed                     |Added
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID

------- Comment #1 from wayned at  2009-04-07 17:11 CST -------
This is not a security problem because for it to occur, the user needs to have
ssh access to the host, so you're already trusting them for that.  If you are
limiting what they can do via ssh, it is up to you to ensure that the command
they specified is safe, not rsync (since it is the shell that is processing
those characters -- rsync never sees them).

Configure bugmail:
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

More information about the rsync mailing list