strip setuid/setgid bits on backup (was Re: small security-related rsync extension)
strombrg at nis.acs.uci.edu
Fri Jul 12 10:36:01 EST 2002
On Fri, Jul 12, 2002 at 02:59:11PM +1000, Martin Pool wrote:
> On 11 Jul 2002, Dan Stromberg <strombrg at nis.acs.uci.edu> wrote:
> > > I don't get what you are doing. Where did these insecure
> > > suid root files come from in the first place?
> > Have you ever read bugtraq on a regular basis? They're coming out of
> > the woodwork.
> Another question would be, why do you want to keep them around at all?
> Presumably so that people can undo the changes if something goes
Because when we update, for example, bash, everbody's bash is going to
die on them if we don't keep around backups (segfault as you demand page
from a binary that has Mostly the Same Stuff in Different Places).
Or does rsync unlink and recreate rather than overwriting? In that
case, we might just end up with a bunch of .nfs* files if we don't keep
Rumor has it, however, that depending on the .nfs* mechanism doesn't
always work. I haven't seen it fail myself, but one of the other guys
here, who's pretty experienced, sounds pretty convinced that it fails
> For your situation, it might work better to dump them all into a mode
> 700 backup directory.
I considered this, but I wasn't sure NFS/TheKernel would allow demand
paging from an inaccessible binary on all of our supported *ix platforms
now and into the future. Are you? We currently support Linux, Solaris,
Irix and Tru64 presently, and may add and drop some in the future.
> It seems like the overarching problem is different focusses: Dan wants
> rsync to be a software-distribution mechanism (which is certainly a
> good use for it), which which case stripping setuid bits is obviously
> quite desirable. But for a bit-perfect backup tool, it's probably
For what it's worth, everything but the backup files is still bit
perfect in what I'm proposing, and the backup files weren't bit perfect
to begin with.
Dan Stromberg UCI/NACS/DCS
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 232 bytes
Desc: not available
Url : http://lists.samba.org/archive/rsync/attachments/20020712/8d606851/attachment.bin
More information about the rsync