When running in daemon mode with a module rooted at "/", it is not possible to
"escape" the module.
Not by prefixing a link target with "../../../../../../..".
Not by prefixing a link target with "/" nor "".
So it seems to me that path sanitization is not useful in this case. And it
breaks
Indeed, we have “use chroot = false” – our application is a file distribution
system where users authenticate as themselves and run rsync daemonized over ssh
transport, rrsync-style. We can’t run with “use chroot = true” as a workaround
since the users are not root, and the chroot() system call
