DO NOT REPLY [Bug 4263] Change the daemon's symlink safety mode to allow absolute symlinks

samba-bugs at samba-bugs at
Tue Nov 28 16:08:28 GMT 2006

wayned at changed:

           What    |Removed                     |Added
           Severity|critical                    |enhancement
             Status|NEW                         |ASSIGNED
            Summary|Symlinks gets corruped when |Change the daemon's symlink
                   |rsyncd is used to 'put' the |safety mode to allow
                   |symlink.                    |absolute symlinks
            Version|2.6.8                       |3.0.0

------- Comment #1 from wayned at  2006-11-28 10:08 MST -------
This is a safety feature when running the rsync daemon without chroot.  The
easiest way to work around it is to set "use chroot = yes" in the config file.

I looked into improving the symlink safety mode to not modify an absolute
symlink, but this will require changing rsync to chdir() into every destination
directory when making changes (so that a user can't substitute a symlink for a
directory in between a path's validity change and its use), so I deferred this
change from 2.6.9 to a later release.  If 3.0.0 gets changed to use more
chdir() calls, I will revisit making a non-chroot daemon have a safe symlink
mode that doesn't mangle absolute symlinks.

Another, easier change would be to allow the config file to choose to accept
unsafe symlinks in a non-chroot area.  You can manually disable the code that
sanitizes the symlinks by looking for a sanitize_path() call inside an #ifdef
SUPPORT_LINKS section in flist.c -- if that call were commented out, the
symlinks would not be changed by a receiving daemon.

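The comment above describes the race in which a directory is replaced by a symlink between a path check and the path's use. The following is an added example, not rsync code and not part of the original message: it pins each directory with a descriptor via openat() and O_NOFOLLOW, a stand-in for the chdir()-per-directory approach the comment mentions. The names open_beneath and demo and the temporary tree are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not rsync's): walk relpath below rootfd one component
 * at a time. O_NOFOLLOW fails the open if a component is a symlink, and each
 * step is relative to the descriptor just opened, so a directory swapped for
 * a symlink after the walk cannot redirect it. Returns a dir fd, or -1. */
int open_beneath(int rootfd, const char *relpath)
{
    char buf[PATH_MAX], *save = NULL;
    if (relpath[0] == '/' || strlen(relpath) >= sizeof buf) return -1;
    strcpy(buf, relpath);
    int dirfd = dup(rootfd);
    for (char *c = strtok_r(buf, "/", &save); c && dirfd >= 0;
         c = strtok_r(NULL, "/", &save)) {
        int next = -1;
        if (strcmp(c, "..") != 0)   /* never climb out of the root */
            next = openat(dirfd, c, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
        close(dirfd);
        dirfd = next;
    }
    return dirfd;
}

/* Constructed tree: <tmp>/a/b is a directory, <tmp>/a/link is a symlink to
 * "/". Bitmask result: 1 = a/b opened, 2 = a/link refused, 4 = ".." refused. */
int demo(void)
{
    char tmpl[] = "/tmp/symwalkXXXXXX";
    int result = 0, root, fd;
    if (!mkdtemp(tmpl) || (root = open(tmpl, O_RDONLY | O_DIRECTORY)) < 0)
        return -1;
    mkdirat(root, "a", 0700); mkdirat(root, "a/b", 0700);
    symlinkat("/", root, "a/link");
    if ((fd = open_beneath(root, "a/b")) >= 0) { result |= 1; close(fd); }
    if (open_beneath(root, "a/link") < 0) result |= 2;
    if (open_beneath(root, "../etc") < 0) result |= 4;
    unlinkat(root, "a/link", 0);
    unlinkat(root, "a/b", AT_REMOVEDIR);
    unlinkat(root, "a", AT_REMOVEDIR);
    close(root); rmdir(tmpl);
    return result;
}

int main(void) { return demo() == 7 ? 0 : 1; }
```

Files would then be created with openat() or symlinkat() against the returned descriptor, so the full path is never resolved a second time.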