On Tue, May 02, 2006 at 09:13:47AM -0400, Gary Aviv wrote: > In fact, even if the link is invalid it should be transfered.
The desire is to make a daemon that is running without chroot work as closely as possible to a daemon that is running with chroot. So, what we definitely need to avoid is letting a user create a symlink that then gives them access to a file outside of the module's directory. It seems to me that this would best be done by not sanitizing the symlink on the way into the server, but instead ensuring that any symlink expansion when requesting files does not succeed in reading data from outside the module's path. This is a little less efficient to implement than tweaking the paths on the way in (since it would require an extra stat to check if we're expanding a symlink), but I think it would make things work quite a bit better, and the extra work would only need to be done when one of the --copy-links options was used with a daemon that was not using chroot. I have not implemented the above idiom yet, but I did fix the problem where the sanitizing was being too aggressive in removing allowable .. references. You can try out that version by fetching the latest nightly tar file or the CVS version. ..wayne.. -- To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
