[Bug 11879] New: escape rrsync restricted folder

[Bug 11879] New: escape rrsync restricted folder

samba-bugs
https://bugzilla.samba.org/show_bug.cgi?id=11879

            Bug ID: 11879
           Summary: escape rrsync restricted folder
           Product: rsync
           Version: 3.1.2
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: core
          Assignee: [hidden email]
          Reporter: [hidden email]
        QA Contact: [hidden email]

It is possible to escape the rrsync restricted folder by syncing (using rsync -a
...) a symbolic link to the parent folder and then syncing with this symbolic
link.

Concretely, we could do:

ln -s .. parent
rsync -acrvz . login@server:

and then we can rsync with login@server:parent to read/write files in the
parent folder of the restricted folder.

--
You are receiving this mail because:
You are the QA Contact for the bug.

--
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
[Bug 11879] escape rrsync restricted folder

samba-bugs
https://bugzilla.samba.org/show_bug.cgi?id=11879

[hidden email] changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[hidden email]

--- Comment #1 from [hidden email] ---
Created attachment 12132
  --> https://bugzilla.samba.org/attachment.cgi?id=12132&action=edit
hardcode safe-links

Adding '--safe-links' or '--munge-links' on server side should fix this.

I actually hardcoded it on some of my servers. The version of rsync present
didn't have the --munge-links option so I used --safe-links.

I'm not proposing this change be included, it's just a quick'n'dirty hack while
someone more experienced has an actual fix.

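
An added example, not part of the bug report, the attachment, or rsync/rrsync itself: a Python audit a server operator could run over an rrsync-restricted directory to list symlinks, such as the `parent -> ..` link from the report, whose resolved target lies outside that directory. The function names and the temporary tree are constructed for illustration.

```python
import os
import tempfile


def find_escaping_symlinks(root):
    """Return sorted (link path relative to root, raw target) pairs for every
    symlink under root whose fully resolved target lies outside root."""
    root_real = os.path.realpath(root)
    findings = []
    # followlinks=False: never descend through a link while auditing.
    for dirpath, dirnames, filenames in os.walk(root_real, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            # realpath resolves chained links and ".." components, so a link
            # that only escapes through another link is still caught.
            resolved = os.path.realpath(path)
            inside = resolved == root_real or resolved.startswith(root_real + os.sep)
            if not inside:
                findings.append((os.path.relpath(path, root_real), os.readlink(path)))
    return sorted(findings)


def demo():
    """Build a constructed tree mirroring the report and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "restricted")
        os.makedirs(os.path.join(root, "sub"))
        open(os.path.join(root, "file.txt"), "w").close()
        os.symlink("..", os.path.join(root, "parent"))               # link from the report
        os.symlink("../file.txt", os.path.join(root, "sub", "ok"))   # stays inside
        os.symlink("../../secret", os.path.join(root, "sub", "up"))  # climbs out
        os.symlink("/etc", os.path.join(root, "abs"))                # absolute target
        os.symlink("../parent", os.path.join(root, "sub", "chain"))  # escapes via "parent"
        return find_escaping_symlinks(root)


if __name__ == "__main__":
    for link, target in demo():
        print(f"{link} -> {target}")
```

Any entry it reports is a link that should be removed or neutralised before the directory is served through rrsync again.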