strip setuid/setgid bits on backup (was Re: small security-related rsync extension)
mbp at samba.org
Sun Jul 21 03:36:01 EST 2002
On 19 Jul 2002, tim.conway at philips.com wrote:
> On Fri, 19 Jul 2002, Dan Stromberg wrote:
> > Many apologies. If we update on the nfs server, as we've intended all
> > along, we should have no .nfs* files.
.nfs files are created on the server, but they are created *by* a command
from the client. The client sends a RENAME op rather than UNLINK if the
dentry is still in use.
> Well, here's one thing that could make them, even if they're being created
> only directly, not over NFS.
> I'm watching the directory you're syncing into.
> I open the file while it's still there.
> You delete it, and I've got my .nfs* file.
(Why not just exploit the hole directly?)
Yes, but as I said the same problem exists with any tool run on the client:
cp, rpm, ...
It really is an interesting bug, but it's just not an rsync bug. I might
send mail (crediting Dan) to the Linux NFS client maintainer and see what
More information about the rsync