post-xfer exec -- more juice!
wayned at samba.org
Sat Sep 9 16:55:13 GMT 2006
On Fri, Sep 08, 2006 at 12:42:16PM +0800, Mike Daws wrote:
> Am I missing some trivial way to give this information to a post-exec
The easiest thing to do with the current system is to use some kind of
caching mechanism in the pre-xfer exec to note the RSYNC_REQUEST string
for use in the post-xfer exec. Unfortunately, the best you can do with
the information currently at hand is to cache based on a combination of
fairly unique items, such as RSYNC_HOST_ADDR + RSYNC_USER_NAME +
RSYNC_MODULE_NAME. (You can't use something like parent PID, because
the pre-xfer exec isn't the child of the transfer PID.)
> Are there some logistical restrictions which would prevent me from
> (easily) modifying the rsync source to send this information to the
> post-exec script?
The xfer forks all happen prior to the process receiving the request
info because it has already run chroot and changed the user permissions
when starting the transfer. A special pipe is used to communicate the
request info to the post-xfer process. There are several things that
could be done to rsync to effect the change you want:
1. Use a similar pipe to communicate the info to the pre-xfer process.
2. Fork a single pre/post xfer process that uses the single pipe's info
to setup the environment and then handles the pre- & post- xfer
commands (using another sub-process for the pre-exec command if it
needed to run both).
3. Change the code to not chroot & set user permissions until after the
start of the transfer begins, making the code in this first part of
the transfer critical to get right to avoid security bugs.
I personally think that option 2 is a good choice and could be put into
the current code without too much difficulty.
More information about the rsync