[Possible SPAM]:Re: Patch to not modify files in place unless "--inplace" option specified

Carl E. Thompson lists-rsync at carlthompson.net
Fri May 9 00:08:05 GMT 2008

Wayne Davison wrote:
> On Wed, May 07, 2008 at 06:25:36PM -0700, Carl E. Thompson wrote:
>> This patch causes rsync to honor the absence of the "--inplace" option
>> for permission, owner and group changes.
> Unfortunately, that's not what the --inplace option is for.  Its purpose
> is to control how data updates occur, not attribute updates.  If I make
> rsync break hard-links to make attribute updates, it will need to be a
> new option, as is done in Matt's patch.
OK, but it seems a little counter-intuitive to say that the "--inplace"
option controls some in place file modifications but not others. This
also appears to be counter to the man page description of the
"--inplace" option which states

    This causes rsync not to create a new copy of the file and then move
it into place.

This implies of course that if the "--inplace" option is *not* given
then rsync *will* "create a new copy of the file and then move it into
place." What you seem to be saying is that really isn't true. If this is
the desired behavior of "--inplace" then the documentation is misleading
at best.

I guess what I'm saying that the current behavior seems to be counter to
the documentation, is not what a user of a tool like this would expect
and leads to significant well-known security vulnerabilities in common
use. On the other hand no one has yet been able to point out any real
world use case where applying this fix would lead to incorrect results.

So to me this would seem to fall in the category of a bug  or security fix.
> ...
> ..wayne..

Thank you,
Carl Thompson

-------------- next part --------------
HTML attachment scrubbed and removed

More information about the rsync mailing list