https://bugzilla.samba.org/show_bug.cgi?id=12576
--- Comment #6 from Paul Donohue <samba-b...@paulsd.com> ---

This all makes sense, I appreciate the suggestions, and I may actually implement some of this.

However, the existence of this rrsync solution doesn't change the fact that there exists another simple and obvious solution using sudo which has a giant undocumented security hole related to an unusual, undocumented, and not widely used feature of rsync (popt aliases).

My goal for this bug report is to either get a disclaimer added to the rsync man page (which documents the popt aliases feature, explains the security implications, and suggests mitigations and/or alternative solutions to avoid security issues, including this rrsync solution), or to get the attached trivial patches merged to help mitigate this security issue without requiring users to wrap complicated scripts around rsync or avoid the use of sudo.

Security is hard enough to get right when everything works in a consistent and intuitive manner. Having an unusual, unintuitive, and undocumented feature with significant undocumented security implications is just asking for trouble.