7510 – rsyncd.conf: Default path=/ is dangerous

Bug 7510 - rsyncd.conf: Default path=/ is dangerous

Summary: rsyncd.conf: Default path=/ is dangerous

Status:	RESOLVED FIXED

Alias:	None

Product:	rsync
Classification:	Unclassified
Component:	core (show other bugs)
Version:	3.1.0
Hardware:	Other Other

Importance:	P3 normal (vote)
Target Milestone:	---
Assignee:	Wayne Davison
QA Contact:	Rsync QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2010-06-11 09:31 UTC by Chris Pepper
Modified:	2010-06-11 11:46 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Chris Pepper 2010-06-11 09:31:33 UTC

One of our users accidentally commented out the path entry for a module on our backup server. As a result, the backup started overwriting system files and wrecked the backup server. I realize that path=/ is an excellent default for pulling backups from other machines, but would like to suggest that path must be explicitly set (for all modules or individual modules) in order to write to  rsyncd.

Comment 1 Wayne Davison 2010-06-11 11:46:07 UTC

This is already fixed in the 3.1.0dev code in git -- rsync refuses to use any module that doesn't have a path set.