The Samba-Bugzilla – Attachment 12916 Details for
Bug 12576
popt aliases allow users to bypass sudo argument restrictions
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Add a new --no-popt-aliases option to explicitly disable popt aliases
patch2 (text/plain), 3.27 KB, created by
Paul Donohue
on 2017-02-11 22:23:40 UTC
(
hide
)
Description:
Add a new --no-popt-aliases option to explicitly disable popt aliases
Filename:
MIME Type:
Creator:
Paul Donohue
Created:
2017-02-11 22:23:40 UTC
Size:
3.27 KB
patch
obsolete
>diff --git a/options.c b/options.c >index 9ecbd87..1c371d9 100644 >--- a/options.c >+++ b/options.c >@@ -186,6 +186,7 @@ const char *checksum_choice = NULL; > > int quiet = 0; > int output_motd = 1; >+int popt_aliases = 1; > int log_before_transfer = 0; > int stdout_format_has_i = 0; > int stdout_format_has_o_or_i = 0; >@@ -671,6 +672,7 @@ void usage(enum logcode F) > rprintf(F," --msgs2stderr special output handling for debugging\n"); > rprintf(F," -q, --quiet suppress non-error messages\n"); > rprintf(F," --no-motd suppress daemon-mode MOTD (see manpage caveat)\n"); >+ rprintf(F," --no-popt-aliases suppress processing of popt argument aliases\n"); > rprintf(F," -c, --checksum skip based on checksum, not mod-time & size\n"); > rprintf(F," -a, --archive archive mode; equals -rlptgoD (no -H,-A,-X)\n"); > rprintf(F," --no-OPTION turn off an implied OPTION (e.g. --no-D)\n"); >@@ -836,6 +838,8 @@ static struct poptOption long_options[] = { > {"quiet", 'q', POPT_ARG_NONE, 0, 'q', 0, 0 }, > {"motd", 0, POPT_ARG_VAL, &output_motd, 1, 0, 0 }, > {"no-motd", 0, POPT_ARG_VAL, &output_motd, 0, 0, 0 }, >+ {"popt-aliases", 0, POPT_ARG_VAL, &popt_aliases, 1, 0, 0 }, >+ {"no-popt-aliases", 0, POPT_ARG_VAL, &popt_aliases, 0, 0, 0 }, > {"stats", 0, POPT_ARG_NONE, &do_stats, 0, 0, 0 }, > {"human-readable", 'h', POPT_ARG_NONE, 0, 'h', 0, 0}, > {"no-human-readable",0, POPT_ARG_VAL, &human_readable, 0, 0, 0}, >@@ -1327,6 +1331,7 @@ int parse_arguments(int *argc_p, const char ***argv_p) > switch (opt) { > case OPT_SERVER: > am_server = 1; >+ popt_aliases = 0; > #ifdef ICONV_OPTION > iconv_opt = NULL; > #endif >@@ -1405,7 +1410,7 @@ int parse_arguments(int *argc_p, const char ***argv_p) > } > > /* Process popt aliases */ >- if (!am_server) >+ if (popt_aliases) > poptFreeContext(pc); > pc = poptGetContext(RSYNC_NAME, argc, argv, long_options, 0); > poptReadDefaultConfig(pc, 0); >diff --git a/rsync.yo b/rsync.yo >index d56db43..8f4de95 100644 >--- a/rsync.yo >+++ b/rsync.yo >@@ -339,6 +339,7 @@ to the detailed description below for a complete description. verb( > --msgs2stderr special output handling for debugging > -q, --quiet suppress non-error messages > --no-motd suppress daemon-mode MOTD (see caveat) >+ --no-popt-aliases suppress processing of popt argument aliases > -c, --checksum skip based on checksum, not mod-time & size > -a, --archive archive mode; equals -rlptgoD (no -H,-A,-X) > --no-OPTION turn off an implied OPTION (e.g. --no-D) >@@ -594,6 +595,10 @@ that the daemon sends in response to the "rsync host::" request (due to > a limitation in the rsync protocol), so omit this option if you want to > request the list of modules from the daemon. > >+dit(bf(--no-popt-aliases)) This option suppresses processing of popt >+command line argument aliases. This may be used in sudo policies to >+help limit the permitted rsync arguments. >+ > dit(bf(-I, --ignore-times)) Normally rsync will skip any files that are > already the same size and have the same modification timestamp. > This option turns off this "quick check" behavior, causing all files to
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 12576
:
12915
| 12916