DO NOT REPLY [Bug 6151] --safe-links can be fooled by adding extra slashes to the path

samba-bugs at samba.org samba-bugs at samba.org
Mon Mar 2 22:44:31 GMT 2009


https://bugzilla.samba.org/show_bug.cgi?id=6151





------- Comment #1 from erik.sjolund at gmail.com  2009-03-02 16:44 CST -------
Created an attachment (id=3965)
 --> (https://bugzilla.samba.org/attachment.cgi?id=3965&action=view)
fixes this bug

This patch fixes this bug.

I am still a bit worried about the foor loop directly after  

/* find out what our safety margin is */

It tries to analyze "src" but, I don't know exactly what it is trying to do.
For instance why does it have 
depth = 0 
and not --depth? How does take care of symbolic links inside the "src" path? In
general ".." in the root directory is also the root directory. Is that
considered? I know too little about what restrictions the arguments coming into
this function have already gone through ( filtering, cleaning up ).


-- 
Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.


More information about the rsync mailing list