Bug 11879 - escape rrsync restricted folder
escape rrsync restricted folder
Status: NEW
Product: rsync
Classification: Unclassified
Component: core
All All
: P5 normal
: ---
Assigned To: Wayne Davison
Rsync QA Contact
Depends on:
  Show dependency treegraph
Reported: 2016-04-28 15:52 UTC by fb102email-sambabugzilla
Modified: 2016-05-26 16:12 UTC (History)
1 user (show)

See Also:

hardcode safe-links (345 bytes, text/plain)
2016-05-26 16:12 UTC, g.parrondo
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description fb102email-sambabugzilla 2016-04-28 15:52:40 UTC
It is possible to escape rrsync restricted folder by syncing (using rsync -a ...) a symbolic link to the parent folder and then syncing with this symbolic link.

Concretely, we could do:

ln -s .. parent
rsync -acrvz . login@server:

and then we can rsync with login@server:parent to read/write files in the parent folder of the restricted folder.
Comment 1 g.parrondo 2016-05-26 16:12:06 UTC
Created attachment 12132 [details]
hardcode safe-links

Adding '--safe-links' or '--munge-links' on server side should fix this. 

I actually hardcoded it on some of my servers. The version of rsync present didn't have the --munge-links option so I used --safe-links.

I'm not proposing this change be included, it's just a quick'n'dirty hack while someone more experienced has an actual fix.