post-xfer exec -- more juice!

[Wayne Davison]

On Fri, Sep 08, 2006 at 12:42:16PM +0800, Mike Daws wrote:
> Am I missing some trivial way to give this information to a post-exec
> script?

The easiest thing to do with the current system is to use some kind of
caching mechanism in the pre-xfer exec to note the RSYNC_REQUEST string
for use in the  post-xfer exec.  Unfortunately, the best you can do with
the information currently at hand is to cache based on a combination of
fairly unique items, such as RSYNC_HOST_ADDR + RSYNC_USER_NAME +
RSYNC_MODULE_NAME.  (You can't use something like parent PID, because
the pre-xfer exec isn't the child of the transfer PID.)

> Are there some logistical restrictions which would prevent me from
> (easily) modifying the rsync source to send this information to the
> post-exec script?

The xfer forks all happen prior to the process receiving the request
info because it has already run chroot and changed the user permissions
when starting the transfer.  A special pipe is used to communicate the
request info to the post-xfer process.  There are several things that
could be done to rsync to effect the change you want:

1. Use a similar pipe to communicate the info to the pre-xfer process.

2. Fork a single pre/post xfer process that uses the single pipe's info
   to setup the environment and then handles the pre- & post- xfer
   commands (using another sub-process for the pre-exec command if it
   needed to run both).

3. Change the code to not chroot & set user permissions until after the
   start of the transfer begins, making the code in this first part of
   the transfer critical to get right to avoid security bugs.

I personally think that option 2 is a good choice and could be put into
the current code without too much difficulty.

..wayne..