samba-bugs at samba.org
2012-May-30 23:13 UTC
[Bug 8965] New: unexpected --exclude behaviour which can lead to a data breach
https://bugzilla.samba.org/show_bug.cgi?id=8965
Summary: unexpected --exclude behaviour which can lead to a
data breach
Product: rsync
Version: 3.1.0
Platform: All
OS/Version: All
Status: NEW
Severity: major
Priority: P5
Component: core
AssignedTo: wayned at samba.org
ReportedBy: devkral at web.de
QAContact: rsync-qa at samba.org
rsync --exclude /h/xy/* /source /target
causes rsync to sync /h/xy/* into target
expected behaviour:
sync /source with /target and exclude files beyond /h/xy/
--
Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
samba-bugs at samba.org
2012-May-30 23:16 UTC
[Bug 8965] unexpected --exclude behaviour which can lead to a data breach
https://bugzilla.samba.org/show_bug.cgi?id=8965 --- Comment #1 from Kevin Korb <rsync at sanitarium.net> 2012-05-30 23:16:10 UTC --- That is your shell globbing the * and turning it into multiple parameters all except the first being a list of sources. You need to quote your exclude with a wildcard like: --exclude '/h/xy/*' -- Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug.
samba-bugs at samba.org
2012-May-31 10:19 UTC
[Bug 8965] unexpected --exclude behaviour which can lead to a data breach
https://bugzilla.samba.org/show_bug.cgi?id=8965 --- Comment #2 from devkral at web.de 2012-05-31 10:19:50 UTC --- ah, ok. But it would be nice if rsync would warn at least. Nothing is so frustrating as to exclude some directories and suddenly rsync leaks informations from a similar named directory -- Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug.
samba-bugs at samba.org
2012-May-31 15:58 UTC
[Bug 8965] unexpected --exclude behaviour which can lead to a data breach
https://bugzilla.samba.org/show_bug.cgi?id=8965 --- Comment #3 from Kevin Korb <rsync at sanitarium.net> 2012-05-31 15:58:43 UTC --- Rsync has no way to know that you tried to use a * or that you did not intend to use a list of sources. If the explanation isn't clear try running your command again with an "echo" in front of the "rsync". That will show you what your shell expands the command to before passing it to rsync. -- Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug.
samba-bugs at samba.org
2012-Jun-16 17:40 UTC
[Bug 8965] unexpected --exclude behaviour which can lead to a data breach
https://bugzilla.samba.org/show_bug.cgi?id=8965
Wayne Davison <wayned at samba.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
--- Comment #4 from Wayne Davison <wayned at samba.org> 2012-06-16
17:40:14 UTC ---
A couple ways to avoid such an issue in the future:
* Always quote any wildcards that you aren't wanting to match files (i.e.
don't depend on your shell to pass non-matches as literal wildcards to any
program). If you can ask your shell to return an error for non-matched
wildcards (instead of running the command), that can help get in the habit
(e.g. use zsh's "setopt NOMATCH").
* Get in the habit of using --exclude=ARG so that unquoted wildcards are less
likely to match anything.
--
Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.