rdiff-backup-users
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [rdiff-backup-users] os.makedirs Security Violation


From: Keith Edmunds
Subject: Re: [rdiff-backup-users] os.makedirs Security Violation
Date: Thu, 20 Oct 2005 17:08:29 +0100
User-agent: Debian Thunderbird 1.0.2 (X11/20050817)

Mike Bydalek wrote:
I suppose I *could* do a mkdir -p, but it just seems redundant to do.

I didn't mean to suggest that you should manually create directories - as you say, that's the whole point of this switch in rdiff-backup. That said, this option is very simply implemented, and I can see no reason why user X shoudl be able to successfully create multiple directory paths in one go using 'mkdir' but not using 'os.makedirs' in Python.

Please try this whilst logged into the backup server *as the user who runs rdiff-backup* - let me stress, it MUST be as the user who experienced the original problem ("backupuser" in your original posting):

$ python
>>> import os
>>> os.makedirs('/home/mbydalek/x/y/z')
>>> ^D

...and let me know what happens. You can remove the superflous directories after with "rm -r /home/mbydalek/x".

Keith

--
Keith Edmunds

+---------------------------------------------------------------------+
|  Tiger Computing Ltd  |  Helping businesses make the most of Linux  |
|  "The Linux Company"  |    http://www.TheLinuxConsultancy.co.uk     |
+---------------------------------------------------------------------+




reply via email to

[Prev in Thread] Current Thread [Next in Thread]