[draft PATCH] whitelist support for refuse options

Nick Cleaton nick at cleaton.net
Tue Feb 11 18:46:45 UTC 2020


On Tue, 11 Feb 2020 at 01:36, raf via rsync <rsync at lists.samba.org> wrote:

>   rrysnc
>   sshdo - controls which commands may be executed via incoming ssh
>   authprogs - SSH Command Authenticator

Those work for command line argument restrictions, but I like daemon
mode for restriction. It's a way to tell rsync directly "we do not
trust the client, don't let it out of this directory". It turns on
stricter checks on file paths that make it harder to escape the
restricted directory, and you get --munge-links automatically where
it's necessary to prevent issues such as
https://bugzilla.samba.org/show_bug.cgi?id=11879

Enforcing a restriction by filtering command line options and
arguments seems a bit fragile in comparison.

>   allowed options = verbose archive
>
> and the presence of "allowed options" in rsyncd.conf causes
> all other options (not present in that or any other "allowed
> options" directive) to be disallowed. Just a thought.

That would work, although it would mean a larger patch.



More information about the rsync mailing list