diff options
| author | bescoto <bescoto@2b77aa54-bcbc-44c9-a7ec-4f6cf2b41109> | 2005-03-26 01:02:13 +0000 |
|---|---|---|
| committer | bescoto <bescoto@2b77aa54-bcbc-44c9-a7ec-4f6cf2b41109> | 2005-03-26 01:02:13 +0000 |
| commit | 62b94cab6043f6c55d8069c9af6c6423246e0375 (patch) | |
| tree | 31499b56539360ff37934b6aed090df33d206408 | |
| parent | c8b2f7c62f0c8e8483fd5e10ef3fea0e72d442ea (diff) | |
| download | rdiff-backup-62b94cab6043f6c55d8069c9af6c6423246e0375.tar.gz | |
Added Dean Gaudet's fix to "--restrict /" option
git-svn-id: http://svn.savannah.nongnu.org/svn/rdiff-backup/trunk@561 2b77aa54-bcbc-44c9-a7ec-4f6cf2b41109
| -rw-r--r-- | rdiff-backup/CHANGELOG | 4 | ||||
| -rw-r--r-- | rdiff-backup/rdiff_backup/Security.py | 1 | ||||
| -rw-r--r-- | rdiff-backup/testing/securitytest.py | 10 |
3 files changed, 14 insertions, 1 deletions
diff --git a/rdiff-backup/CHANGELOG b/rdiff-backup/CHANGELOG index d8ccd56..7235191 100644 --- a/rdiff-backup/CHANGELOG +++ b/rdiff-backup/CHANGELOG @@ -24,7 +24,9 @@ Fixed user/group restoring error noticed by Fran Firman. Checked in Robert Shaw's --chars-to-quote patch Treated hard link permission problem on Mac OS X by applying -suggestion by David Vasilevsky. +suggestion by David Vasilevsky + +Dean Gaudet's patch fixes "--restrict /" option. New in v0.13.4 (2004/01/31) diff --git a/rdiff-backup/rdiff_backup/Security.py b/rdiff-backup/rdiff_backup/Security.py index 4715f7e..57e3d2f 100644 --- a/rdiff-backup/rdiff_backup/Security.py +++ b/rdiff-backup/rdiff_backup/Security.py @@ -196,6 +196,7 @@ def vet_rpath(rpath): """Require rpath not to step outside retricted directory""" if Globals.restrict_path and rpath.conn is Globals.local_connection: normalized, restrict = rpath.normalize().path, Globals.restrict_path + if restrict == "/": return components = normalized.split("/") # 3 cases for restricted dir /usr/foo: /var, /usr/foobar, /usr/foo/.. if (not normalized.startswith(restrict) or diff --git a/rdiff-backup/testing/securitytest.py b/rdiff-backup/testing/securitytest.py index e816b97..f8796ff 100644 --- a/rdiff-backup/testing/securitytest.py +++ b/rdiff-backup/testing/securitytest.py @@ -56,6 +56,16 @@ class SecurityTest(unittest.TestCase): SetConnections.CloseConnections() + def test_vet_rpath_root(self): + """Test vetting when restricted to root""" + remote_cmd = "../rdiff-backup --server --restrict-update-only /" + conn = SetConnections.init_connection(remote_cmd) + for rp in [RPath(Globals.local_connection, "blahblah"), + RPath(conn, "foo/bar")]: + conn.Globals.set("TEST_var", rp) + assert conn.Globals.get("TEST_var").path == rp.path + SetConnections.CloseConnections() + def secure_rdiff_backup(self, in_dir, out_dir, in_local, restrict_args, extra_args = "", success = 1, current_time = None): """Run rdiff-backup locally, with given restrict settings""" |