DO NOT REPLY [Bug 6251] security: rsync executes remote commands
samba-bugs at samba.org
samba-bugs at samba.org
Tue Apr 7 22:11:28 GMT 2009
https://bugzilla.samba.org/show_bug.cgi?id=6251
wayned at samba.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
------- Comment #1 from wayned at samba.org 2009-04-07 17:11 CST -------
This is not a security problem because for it to occur, the user needs to have
ssh access to the host, so you're already trusting them for that. If you are
limiting what they can do via ssh, it is up to you to ensure that the command
they specified is safe, not rsync (since it is the shell that is processing
those characters -- rsync never sees them).
--
Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
More information about the rsync
mailing list