[Bug 15122] Potential vulnerability: rsync creates files outside the target directory

samba-bugs at samba.org samba-bugs at samba.org
Wed Aug 24 03:33:09 UTC 2022


--- Comment #2 from Wayne Davison <wayne at opencoder.net> ---
BTW, what happens in the test case you provided is that the generator creates
TOPDIR and then TOPDIR/secret dirs before asking the sender to start a transfer
of TOPDIR/secret/config.  It then goes on to notice that topdir is present
(since it uses stat) and that topdir/secret is an empty directory that is in
the way of a symlink, so it replaces the dir with a symlink prior to the
receiver doing its file-create work. If the topdirs had sorted in the opposite
order, the symlink would have been replaced with a directory.

You are receiving this mail because:
You are the QA Contact for the bug.

More information about the rsync mailing list