[adejong@debian.org: Bug#531639: rsync can end up deleting unrelated files when a directory is replaced by a symlink]

Paul Slootman paul at debian.org
Thu Jun 4 17:05:16 GMT 2009 

Please see the included debian bug report, where during a local transfer
rsync (3.0.3) follows a symlink in the destination to delete a file in
the source tree.  At least 3.0.5 works correctly in this regard; however
I can't find a changelog entry that's directly related to this.

Would it be possible to extract the diff that fixes this so that the
3.0.3 version in debian stable might be fixed for this? Getting 3.0.5
into the stable archive won't happen...


Thanks,
Paul
(Please Cc: 531639-forwarded at bugs.debian.org on followups)

-----
Subject: Bug#531639: rsync can end up deleting unrelated files when a directory is replaced by a symlink
From: Arthur de Jong <adejong at debian.org>
Date: Wed, 03 Jun 2009 00:10:04 +0200

Subject: rsync can end up deleting unrelated files when a directory is replaced by a symlink
Package: rsync
Version: 3.0.3-2
Severity: important

I ran into this when reorganising some directories and putting
compatibility symlinks in place. The end result that the whole directory
went missing.

I think the best way to explain is a demonstration. We set up simple
source and destination directories:

% cd /tmp
% mkdir -p src/foo dst
% touch src/foo/some_file
% rsync -a -v --delete --delete-delay src/ dst/
sending incremental file list
foo/
foo/some_file

sent 123 bytes  received 35 bytes  316.00 bytes/sec
total size is 0  speedup is 0.00
% find src dst -ls
116737  1 drwx------   3 arthur  users  1024 Jun  2 23:48 src
116738  1 drwx------   2 arthur  users  1024 Jun  2 23:48 src/foo
116739  0 -rw-------   1 arthur  users     0 Jun  2 23:48 src/foo/some_file
120833  1 drwx------   3 arthur  users  1024 Jun  2 23:48 dst
120834  1 drwx------   2 arthur  users  1024 Jun  2 23:48 dst/foo
120835  0 -rw-------   1 arthur  users     0 Jun  2 23:48 dst/foo/some_file

So far so good. Now let's reorganise our src directory (note the
absolute symlink):

% mv src/foo src/bar
% ln -s /tmp/src/bar src/foo
% find src -ls
116737  1 drwx------   3 arthur  users  1024 Jun  2 23:49 src
116738  1 drwx------   2 arthur  users  1024 Jun  2 23:48 src/bar
116739  0 -rw-------   1 arthur  users     0 Jun  2 23:48 src/bar/some_file
116740  0 lrwxrwxrwx   1 arthur  users    12 Jun  2 23:49 src/foo -> /tmp/src/bar
% rsync -a -v --delete --delete-delay src/ dst/
sending incremental file list
./
deleting foo/some_file
foo -> /tmp/src/bar
bar/
bar/some_file
deleting foo/some_file
rsync: delete_file: rmdir(foo) failed: Not a directory (20)

sent 164 bytes  received 41 bytes  410.00 bytes/sec
total size is 12  speedup is 0.06
% find src dst -ls
116737  1 drwx------   3 arthur  users  1024 Jun  2 23:49 src
116738  1 drwx------   2 arthur  users  1024 Jun  2 23:50 src/bar
116740  0 lrwxrwxrwx   1 arthur  users    12 Jun  2 23:49 src/foo -> /tmp/src/bar
120833  1 drwx------   3 arthur  users  1024 Jun  2 23:49 dst
120835  1 drwx------   2 arthur  users  1024 Jun  2 23:48 dst/bar
120836  0 -rw-------   1 arthur  users     0 Jun  2 23:48 dst/bar/some_file
120834  0 lrwxrwxrwx   1 arthur  users    12 Jun  2 23:49 dst/foo -> /tmp/src/bar

The rsync errored out (which is anoying) but the real problem is that
some_file was removed from the src directory altogether. This can have
more grave consequences if the symlink points to some other place.

This could be considered a security bug because the source end can trick
the destination end to remove arbitrary files on the destination (I only
tested this in this local setup though).

Note that this only seems to happen with --delete-delay (at least not
with --delete-after and --delete-during). Also note that this does not
occur with the version from sid (3.0.5-1).

-- System Information:
Debian Release: 5.0.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages rsync depends on:
ii  base-files                    5lenny2    Debian base system miscellaneous f
ii  libacl1                       2.2.47-2   Access control list shared library
ii  libc6                         2.7-18     GNU C Library: Shared libraries
ii  libpopt0                      1.14-4     lib for parsing cmdline parameters
ii  lsb-base                      3.2-20     Linux Standard Base 3.2 init scrip

rsync recommends no packages.

Versions of packages rsync suggests:
ii  openssh-client                1:5.1p1-5  secure shell client, an rlogin/rsh
ii  openssh-server                1:5.1p1-5  secure shell server, an rshd repla

-- no debconf information

-- 
-- arthur - adejong at debian.org - http://people.debian.org/~adejong --



----- End forwarded message -----

More information about the rsync mailing list