Worrisome race condition involving half-transferred files

Wayne Davison wayned at samba.org
Fri Oct 14 21:33:43 GMT 2005


On Thu, Oct 13, 2005 at 10:31:43AM -0400, Matt McCutchen wrote:
> Tell me if I'm wrong, but rsync seems to have a very serious race
> condition that would make it risky to transfer files into a directory
> writable by someone you don't trust if permissions are going to be
> granted to other people on those files.

This is not something that is unique to rsync.  For instance, if I
hard-link a file in that dir to a file that is owned by root, and root
uses "cp" to update that file, the hard-linked, root-owned file will be
affected.

One way to avoid a race like the one your cited is to use the --temp-dir
option: as long as your --temp-dir is on the same partition as the
destination dir and is only writable by you, you can avoid the
permission-changing problem you cited.

It might be worthwhile to also look into modifying rsync to use fchmod()
when possible, but in reality, if you're updating files in a directory
where you don't trust the users, there are lots of ways for them to
cause you trouble.

..wayne..


More information about the rsync mailing list