rdiff-backup-users
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [rdiff-backup-users] Security violations with --server --restrict-re


From: Ben Escoto
Subject: Re: [rdiff-backup-users] Security violations with --server --restrict-read-only
Date: Wed, 27 Aug 2003 13:42:44 -0700

>>>>> "RN" == Randall Nortman <address@hidden>
>>>>> wrote the following on Mon, 25 Aug 2003 19:27:06 -0500

  RN> Being the impatient sort that I am, I have done yet more
  RN> investigation on this problem. I installed 0.13.1 on both client
  RN> and server and reproduced the problem in the same way as with
  RN> 0.12.3, except that now the security violation is on the call to
  RN> os.getcwd on line 510 of Main.py. Again, to reproduce this, just
  RN> execute something like this:

  RN> rdiff-backup --remote-schema 'ssh -C %s --server
  RN> --restrict-read-only /some/path' hostname::/some/path
  RN> /destination/path

  RN> Anybody have any suggestions? Is anybody even hearing me?

Yes, I can reproduce your error.  Two patches for 0.12.3 that should
fix this are at:

http://savannah.nongnu.org/cgi-bin/viewcvs/rdiff-backup/rdiff-backup/rdiff_backup/Security.py.diff?r1=1.12&r2=1.12.2.1

http://savannah.nongnu.org/cgi-bin/viewcvs/rdiff-backup/rdiff-backup/rdiff_backup/Main.py.diff?r1=1.38.2.3&r2=1.38.2.4

There have been more changes to 0.13.1, and I'm not sure the patches
would apply.  But unless you want to help test you want to use 0.12.x
anyway.


-- 
Ben Escoto

Attachment: pgpqbQsE7horF.pgp
Description: PGP signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]