SeyZ / baboon

Detect source code merge conflicts in realtime. Simply get rid of merge hells.
http://baboon-project.org

Verification of node permission during the rsync. #34

Closed SeyZ closed 12 years ago

SeyZ commented 12 years ago

During the first stanza sent for the rsync task, the node is given according to the config entry in the configuration file without any server-side verification (if the user is a subscriber on this node). It means that if the user changes the value of the config entry to any node, the user will write the change in the directory of the chosen project.

SeyZ commented 12 years ago

In addition, verify that it's not possible to hack the stanza path of a file:

For example, a path like '../../../linux-kernel/kernel.c' can be a problem :-)
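The two checks this issue asks for, sketched as an added example that is not part of the thread or of baboon's code: the server confirms the sender is subscribed to the node named in the stanza, then confirms every file path resolves inside that node's project directory. The function names, the `SUBSCRIPTIONS` mapping and the `/srv/baboon-projects` root are assumptions standing in for the server's real subscription lookup and storage layout.

```python
import os

# Constructed sample data: node -> subscriber JIDs, and an assumed projects root.
SUBSCRIPTIONS = {"baboon": {"alice@example.org"}, "linux-kernel": {"bob@example.org"}}
PROJECTS_ROOT = "/srv/baboon-projects"


class RsyncRejected(Exception):
    """The rsync request failed server-side validation."""


def authorize_rsync(jid, node, rel_paths, subscriptions=SUBSCRIPTIONS, root=PROJECTS_ROOT):
    """Return the absolute write target for each path, or raise RsyncRejected."""
    # The node in the stanza comes from the client's config file, so it is
    # client-controlled: only accept it if this JID is subscribed to it.
    if jid not in subscriptions.get(node, set()):
        raise RsyncRejected("%s is not a subscriber of node %r" % (jid, node))
    # The node name becomes a directory name: it must be one path component.
    if node in ("", ".", "..") or "/" in node or os.sep in node or "\x00" in node:
        raise RsyncRejected("invalid node name %r" % node)

    project_dir = os.path.realpath(os.path.join(root, node))
    targets = []
    for rel in rel_paths:
        if "\x00" in rel or os.path.isabs(rel):
            raise RsyncRejected("invalid file path %r" % rel)
        # Resolve '..' segments and symlinks before comparing, then require
        # the result to be strictly inside this project's directory.
        target = os.path.realpath(os.path.join(project_dir, rel))
        if target == project_dir or os.path.commonpath([project_dir, target]) != project_dir:
            raise RsyncRejected("path %r escapes project %r" % (rel, node))
        targets.append(target)
    return targets


def try_request(jid, node, rel_paths):
    """Helper for the demo: (True, targets) on success, (False, reason) otherwise."""
    try:
        return True, authorize_rsync(jid, node, rel_paths)
    except RsyncRejected as exc:
        return False, str(exc)


if __name__ == "__main__":
    print(try_request("alice@example.org", "baboon", ["src/main.py"]))
    print(try_request("alice@example.org", "linux-kernel", ["kernel.c"]))
    print(try_request("alice@example.org", "baboon", ["../../../linux-kernel/kernel.c"]))
```

The comparison is made on resolved paths rather than on the raw string, so a path such as `src/../README` is still accepted while any sequence of `..` that leaves the project directory is refused.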