Greetings,

I have found several security issues in an rsync set-up that results from
an inexperienced sysadmin following precisely what is meant to only be an
example, in the "Using Rsync and SSH" tutorial (http://troy.jdmz.net/rsync/),
as linked from the http://rsync.samba.org/documentation.html page.

Consider incorporating the following suggestions to improve security:

1- the validate-rsync script should reject not only the < but also the >
character, otherwise any file can be overwritten.

2- the validate-rsync command itself should not be owned or writeable by
the userid that executes the rsync command. Otherwise, rsync can be used
to overwrite the validation script with another script that doesn't
validate, or even execute arbitrary commands.

3- similarly, the authorized-keys file should not be owned or writeable by
the rsync user, otherwise rsync can be used to overwrite that file, with
one that removes the requirement to run validate-rsync, or with one that
runs some other command instead.

Regards,

Yanek Martinson
-- 
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
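
An added example, not part of the original message or of the tutorial it discusses: a check for points 2 and 3 that reports whether a given account could modify the validation script or the authorized keys file, going by ownership and mode bits. The file paths and account name passed on the command line are site-specific assumptions.

```python
import os
import pwd
import stat
import sys


def reasons(path, uid, gids):
    """Reasons why uid (member of gids) could modify path, from mode bits only."""
    st = os.stat(path)
    found = []
    if st.st_uid == uid:
        found.append("owned by user")  # an owner can always chmod, then write
    if st.st_gid in gids and st.st_mode & stat.S_IWGRP:
        found.append("group-writable")
    if st.st_mode & stat.S_IWOTH:
        found.append("world-writable")
    return found


def audit(paths, uid, gids):
    """Return (path, reason) pairs for each file and its parent directory.

    The directory matters because rsync normally writes a temporary file and
    renames it over the destination, which needs write access to the
    directory, not to the existing file. POSIX ACLs are not examined.
    """
    findings = []
    for path in paths:
        real = os.path.realpath(path)  # judge the symlink target, not the link
        for target in (real, os.path.dirname(real)):
            findings += [(target, r) for r in reasons(target, uid, gids)]
    return findings


if __name__ == "__main__":
    # Usage (account and paths are assumptions for illustration):
    #   audit.py rsyncuser /path/to/validate-rsync /path/to/authorized_keys
    user = pwd.getpwnam(sys.argv[1])
    groups = set(os.getgrouplist(user.pw_name, user.pw_gid))
    results = audit(sys.argv[2:], user.pw_uid, groups)
    for target, reason in results:
        print(f"{target}: {reason}")
    sys.exit(1 if results else 0)
```

An empty result means neither the files nor their directories are owned by or writable to that account according to the mode bits; any line printed is a path the rsync user could replace.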
