On Sun, Oct 05, 2008 at 06:47:47AM +0200, Shachar Shemesh wrote: > Rssh, however, prevent the passing of the "-e" option to rsync, as it > claims (with some amount of justification) that this option allows > someone to cause rsync to run any command at all, escaping the > limitations imposed by rssh.
As has been mentioned on the list before, this is not the right check. A restricted shell should instead check that "--server" was specified (and it is fine to check that it is the first option on the line too), at which point checking for -e is immaterial (since it never runs anything on the server side). The use of -e conveys some flags in a way that is compatible with older versions (which used to ignore -e when combined with --server) and does not slow down the start of a transfer (which would otherwise need to wait for the initial protocol exchange before deciding if they could send sub-flags, thus slowing down the handshake by at least a round- trip). ..wayne.. -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
