[Eisfair] [E1|E64] rsync problem with "--relative"

hilix hilmar.boehm at web.de
Wed Aug 17 11:09:23 CEST 2022


Hello,
...I'm only reading along here...

>> It was just downgraded to 3.2.1. rsync still reports itself with the
>> # rsync --version
>> rsync  version 3.2.4  protocol version 31

Does that mean that all other users who use rsync and had not yet upgraded, or who are installing fresh, will now still get the
(old) rsync version that Marcus warned about so emphatically because of a "major security problem"?

In the current "rsync.tar.bz2.rec":
------
,,,
[netutils][rsync][3.2.2][s][https://www.pack-eis.de]version    3.2.2
...
[netutils][rsync][3.2.2][s][https://www.pack-eis.de]date       2022-08-06
...
[netutils][rsync][3.2.2][s][https://www.pack-eis.de]text       Internal Program Version: rsync  *3.2.4*
[netutils][rsync][3.2.2][s][https://www.pack-eis.de]text
...
------

Or did I misunderstand that?

In the rsync man page for the official, current 3.2.5 there is a note that could have to do with --relative (see below).
Is there no workaround for the --relative problem? Rolf could perhaps also (temporarily) upgrade using:

# eisman upgrade --exclude=rsync

...

Regards./Hilmar.

-----------------------------------------------------------------------------------
MULTI-HOST SECURITY
       Rsync takes steps to ensure that the file requests that are shared in a
       transfer are protected against various security issues.  Most of the
       potential problems arise on the receiving side where rsync takes  steps  to  ensure
       that the list of files being transferred remains within the bounds of what was requested.

       Toward  this end, rsync 3.1.2 and later have aborted when a file list contains
       an absolute or relative path that tries to escape out of the top of the transfer.
       Also, beginning with version 3.2.5, rsync does two more safety
       checks of the file list to (1) ensure that no extra source arguments were added
       into the transfer other than those that the client requested and (2) ensure
       that the file list obeys the exclude rules that  were  sent  to  the sender.

       For  those  that  don't yet have a 3.2.5 client rsync (or those that want
       to be extra careful), it is safest to do a copy into a dedicated destination
       directory for the remote files when you don't trust the remote host.  For
       example, instead of doing an rsync copy into your home directory:

           rsync -aiv host1:dir1 ~

       Dedicate a "host1-files" dir to the remote content:

           rsync -aiv host1:dir1 ~/host1-files

       See the --trust-sender option for additional details.
-----------------------------------------------------------------------------------
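The receiver-side checks described in the man page excerpt above, as an added illustration that is not part of the original post and is not rsync's own code. It is a simplified model: it assumes a transfer without --relative and without a trailing slash on the source, treats exclude rules as plain name patterns, and uses a constructed sample file list.

```python
import fnmatch
import posixpath

def escapes_top(path):
    """True if path is absolute or climbs above the top of the transfer."""
    if path.startswith("/"):
        return True
    depth = 0
    for part in path.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            depth -= 1
            if depth < 0:
                return True
        else:
            depth += 1
    return False

def check_file_list(file_list, requested, excludes=()):
    """Return [(path, reason)] for entries a careful receiver would refuse."""
    roots = {posixpath.basename(r.rstrip("/")) for r in requested}
    rejected = []
    for path in file_list:
        if escapes_top(path):                      # check since 3.1.2
            rejected.append((path, "escapes transfer root"))
            continue
        parts = posixpath.normpath(path).split("/")
        if parts[0] not in roots:                  # 3.2.5 check (1)
            rejected.append((path, "not a requested source"))
        elif any(fnmatch.fnmatch(p, pat) for p in parts for pat in excludes):
            rejected.append((path, "matches exclude rule"))  # 3.2.5 check (2)
    return rejected

# Constructed file list as a sender might present it for "host1:dir1".
SAMPLE_LIST = [
    "dir1",
    "dir1/report.txt",
    "dir1/cache/tmp.bin",      # receiver asked to exclude "cache"
    "../outside.txt",
    "/abs/path.txt",
    "extra/unrequested.txt",
]

if __name__ == "__main__":
    for path, reason in check_file_list(SAMPLE_LIST, ["dir1"], ["cache"]):
        print(f"refuse {path!r}: {reason}")
```

A client older than 3.2.5 performs only the first of these checks, which is why the man page recommends a dedicated destination directory in that case.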

