Funny issue with chroot + symlink outside chroot
Olivier Thauvin
nanardon at nanardon.zarb.org
Sat Nov 10 17:36:03 GMT 2007
Hi,
The problem I found is not in what rsync, but on the error handling:
How to reproduce:
On server side I setup a tree and share using rsync + xinetd, of course, for
security reason I use chroot option.
Now I push this symlink:
lrwxrwxrwx 1 root root 4 nov 10 16:28 horsroot -> /bin/
Now I try to do:
./rsync -avPH --copy-unsafe-links draco::test/ /tmp/rsyncdest/
(Of course the transfert will failed because /bin is outside the chroot.)
The first problem is the error message is not push to stderr but stdout:
---------------------------
[nanardon at draco rsync]$ rsync -avPH --copy-unsafe-links
virgo::test/ /tmp/rsyncdest/ 2>/dev/null
[...]
file has vanished: "/horsroot" (in test)
--------------------------
Nothing is sent to stderr whereas error code is set:
$ echo $?
24
I had a look to flist.c/sender.c, it seems this is expected behavior:
(flist.c:1037)
enum logcode c = am_daemon && protocol_version < 28
? FERROR : FINFO;
and indeed the message is produce by daemon, and I am using proto 29 or 30.
Well, I also found the message is not the appropriate one, the file has not
vanished (at least, we cannot know that, the file pointed is outside our
tree).
I tried this to fix, but this part is not trivial, and I am not sure this does
not have side effect. (The patch is partial, the same should be applied to
sender.c).
diff -u -b -B -w -p -r1.468 flist.c
--- flist.c 6 Nov 2007 15:25:02 -0000 1.468
+++ flist.c 10 Nov 2007 17:21:51 -0000
@@ -1026,8 +1026,8 @@ struct file_struct *make_file(const char
if (save_errno == ENOENT) {
#ifdef SUPPORT_LINKS
/* Avoid "vanished" error if symlink points nowhere.
*/
- if (copy_links && x_lstat(thisname, &st, NULL) == 0
- && S_ISLNK(st.st_mode)) {
+ if ((copy_links && x_lstat(thisname, &st, NULL) == 0
+ && S_ISLNK(st.st_mode)) || x_stat(thisname, &st,
NULL) != 0) {
io_error |= IOERR_GENERAL;
rprintf(FERROR, "symlink has no
referent: %s\n",
full_fname(thisname));
Summary:
- should "vanished" message be report as INFO instead ERROR ?
- can we detected --copy-unsafe-symlink for file outside chroot ?
Regards.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://lists.samba.org/archive/rsync/attachments/20071110/2c5aef7b/attachment.bin
More information about the rsync
mailing list