On Wed, 2005-06-29 at 13:54 +0100, Russell Howe wrote:
> Kern Sibbald wrote:
> 
> > I guess my reaction is that if someone really wants \n s in their filenames
> > (i.e. is crazy enough), then I prefer that they write their own little
> > script that encloses the names in quotes then Bacula should handle them
> > fine.
> 
> I suppose you are not worried about the possibility of a malicious user
> causing files to be unintentionally backed up isn't of any grave concern
> then?
> 

The possible ability to affect what files are restored sounds like
something worthy of some concern.

# $bindir is some directory in target user's path

cp $bindir ~/"\n$bindir"
cp trojaned_prog ~/"\n$bindir"/legitimate_prog

If $bindir is ever restored, a legit program may be replaced with a
trojan. However, this might depend on the order in which files are
backed up or restored. 

Could it really be that simple, or am I overlooking some obvious
mitigating factor? I've not tested this.

-davidc

--
If you're not part of the solution, you're part of the precipitate.
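
Added example, not part of the original message: a defensive pre-backup audit in Python that lists paths containing a newline or carriage return and shows what a reader taking one path per line would see instead. The line-based reader is an assumption about how the file list is consumed, and the sample tree and all function names are constructed for illustration.

```python
import os
import re
import tempfile

def list_paths(root):
    """Return every file and directory path under root, sorted."""
    out = []
    for dirpath, dirnames, filenames in os.walk(root):
        out.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    return sorted(out)

def unsafe_paths(paths):
    """Paths that cannot be represented safely in a one-path-per-line list."""
    return [p for p in paths if "\n" in p or "\r" in p]

def as_seen_by_line_reader(path):
    """Entries a one-path-per-line reader (assumed) would take this path to be."""
    return [part for part in re.split(r"[\r\n]+", path) if part]

def audit(root):
    """Map each unsafe path to the entries a line reader would see instead."""
    return {p: as_seen_by_line_reader(p) for p in unsafe_paths(list_paths(root))}

def build_constructed_tree(root):
    """Constructed sample: a directory literally named '\\n' inside a home dir."""
    nested = os.path.join(root, "home", "\n", "opt", "tool", "bin")
    os.makedirs(nested)
    open(os.path.join(nested, "prog"), "w").close()
    os.makedirs(os.path.join(root, "home", "docs"))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_tree(tmp)
        for path, seen in audit(tmp).items():
            # repr() keeps the embedded newline visible in the report
            print(repr(path), "->", seen)
```

Any path the audit reports should be excluded or passed through a NUL-delimited or quoted list rather than a plain newline-delimited one.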



_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
