On Thu, Feb 08, 2001 at 08:43:27AM -0500, Diab Jerius wrote:
> Dave,
>
> Thanks, that's exactly it. I can't set chroot=yes, as I'm not running
> the server as root. As much as it's nice to have software prevent you
> from shooting yourself in the foot, when you really want to, it should
> let you. Is there any way around this?
>
> Diab
The problem with full pathname symlinks and "use chroot = no" is that it
can let somebody affect things outside of the module. For example,
somebody could first upload a symlink to a directory outside of the module
and then write into it. I implemented that functionality and I knew the
removal of the leading slash would usually be the wrong thing to do but I
thought it was better than having it bomb. In your case it could be
smarter and check that a path is still within a module, but it is tricky to
do that securely. If you make a patch, I'll look it over and if it looks
OK I'll submit it to the rsync CVS. See the comment above sanitize_path()
in util.c.
- Dave Dykstra
