Commit 6c0a2b48 authored by bescoto's avatar bescoto

Added Dean Gaudet's fix to "--restrict /" option


git-svn-id: http://svn.savannah.nongnu.org/svn/rdiff-backup@561 2b77aa54-bcbc-44c9-a7ec-4f6cf2b41109
parent a86b3e43
......@@ -24,7 +24,9 @@ Fixed user/group restoring error noticed by Fran Firman.
Checked in Robert Shaw's --chars-to-quote patch
Treated hard link permission problem on Mac OS X by applying
suggestion by David Vasilevsky.
suggestion by David Vasilevsky
Dean Gaudet's patch fixes "--restrict /" option.
New in v0.13.4 (2004/01/31)
......
......@@ -196,6 +196,7 @@ def vet_rpath(rpath):
"""Require rpath not to step outside retricted directory"""
if Globals.restrict_path and rpath.conn is Globals.local_connection:
normalized, restrict = rpath.normalize().path, Globals.restrict_path
if restrict == "/": return
components = normalized.split("/")
# 3 cases for restricted dir /usr/foo: /var, /usr/foobar, /usr/foo/..
if (not normalized.startswith(restrict) or
......
......@@ -56,6 +56,16 @@ class SecurityTest(unittest.TestCase):
SetConnections.CloseConnections()
def test_vet_rpath_root(self):
"""Test vetting when restricted to root"""
remote_cmd = "../rdiff-backup --server --restrict-update-only /"
conn = SetConnections.init_connection(remote_cmd)
for rp in [RPath(Globals.local_connection, "blahblah"),
RPath(conn, "foo/bar")]:
conn.Globals.set("TEST_var", rp)
assert conn.Globals.get("TEST_var").path == rp.path
SetConnections.CloseConnections()
def secure_rdiff_backup(self, in_dir, out_dir, in_local, restrict_args,
extra_args = "", success = 1, current_time = None):
"""Run rdiff-backup locally, with given restrict settings"""
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment