[Bug 15122] Potential vulnerability: rsync creates files outside the target directory

samba-bugs at samba.org samba-bugs at samba.org
Wed Aug 24 03:33:09 UTC 2022


https://bugzilla.samba.org/show_bug.cgi?id=15122

--- Comment #2 from Wayne Davison <wayne at opencoder.net> ---
BTW, what happens in the test case you provided is that the generator creates
TOPDIR and then TOPDIR/secret dirs before asking the sender to start a transfer
of TOPDIR/secret/config.  It then goes on to notice that topdir is present
(since it uses stat) and that topdir/secret is an empty directory that is in
the way of a symlink, so it replaces the dir with a symlink prior to the
receiver doing its file-create work. If the topdirs had sorted in the opposite
order, the symlink would have been replaced with a directory.

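The ordering described in the comment above, turned into a pre-transfer check over a file list. This is an added example, not part of the bug report or of rsync's code. It assumes the destination filesystem is case-insensitive (which is how a stat of topdir can find TOPDIR) and approximates that filesystem's name matching with Python's `casefold()`; the file list, the symlink target and the function name are constructed for illustration.

```python
# Constructed file list in the shape of the test case discussed above:
# (path relative to the transfer root, kind, symlink target or None).
SAMPLE_FILE_LIST = [
    ("TOPDIR", "dir", None),
    ("TOPDIR/secret", "dir", None),
    ("TOPDIR/secret/config", "file", None),
    ("topdir", "dir", None),
    ("topdir/secret", "symlink", "/constructed/outside/target"),
]


def find_symlink_parent_collisions(entries, fold=True):
    """Return sorted (symlink_path, affected_path) pairs.

    A pair is reported when a symlink entry occupies a path that another
    entry needs as a parent directory once names are compared the way the
    destination filesystem compares them. With fold=True names are compared
    with str.casefold(), an approximation of a case-insensitive filesystem;
    with fold=False they are compared exactly (case-sensitive destination).
    """
    def key(path):
        return path.casefold() if fold else path

    # Index every symlink by the name the destination would resolve it under.
    links = {key(path): path for path, kind, _ in entries if kind == "symlink"}

    findings = []
    for path, _kind, _target in entries:
        parts = key(path).split("/")
        # Check each proper parent prefix of this entry against the symlinks.
        for depth in range(1, len(parts)):
            parent = "/".join(parts[:depth])
            if parent in links:
                findings.append((links[parent], path))
    return sorted(findings)


if __name__ == "__main__":
    for link, victim in find_symlink_parent_collisions(SAMPLE_FILE_LIST):
        print(f"{victim!r} would be created through symlink {link!r}")
```

On the sample list the check reports `TOPDIR/secret/config` as passing through `topdir/secret` only when names are folded; with exact comparison the two trees are distinct and nothing is reported.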