---begin quoted text---
> From: Wayne Davison <[EMAIL PROTECTED]>
> Subject: Re: specifying a list of files to transfer
> Date: Wed, 15 Jan 2003 10:10:29 -0800
>
> On Tue, Jan 14, 2003 at 10:01:47PM -0600, Lee Eakin wrote:
> > Yes, people do restrict args via ssh key restrictions.
>
> OK, I thank you both for enlightening me on the subject. My current
> patch applies the sanitize_path() function to all names read via the
> --files-from option, regardless of whether we're pushing or pulling.
> This means that all leading slashes are dropped from file names as
> well as all leading "../" prefixes, and that any infix "dir/../"
> combos are removed. This ensures that we can't get above the root
> dir that was specified on the command-line.
>
That's awsome. Now as long as I want to allow access to the given portion
of the file tree I can allow files-from.
Now if I can only figure out a way to intercept the list when I need to
be real picky about which individual files are accessed ...
> > so any sanitize code could first make sure all pathnames begin with a valid
> > module and then make sure the file or dir is really inside that module.
>
> This isn't needed since the module name is specified on the command-line
> and then all paths are relative to the directory that was specified in
> that module. For instance:
>
> rsync --files-from=foo remote::module/bar
>
> forces all pathnames read to be relative to the bar dir of the module.
> If no "/bar" path was specified, the paths would all be relative to the
> root-dir of the module.
That's cool too, so no additional/special code to handle server-mode ;)
I like this a lot, now to test ...
>
---end quoted text---
-Lee
--
Lee Eakin - [EMAIL PROTECTED]
Benchley's Law of Distinction:
There are two kinds of people in the world, those who believe
there are two kinds of people in the world and those who don't.
--
To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.tuxedo.org/~esr/faqs/smart-questions.html
