Fwd: Re: need help with an rsync patch

Matthias Schniedermeyer ms at citd.de
Tue Aug 13 06:16:37 MDT 2013

On 13.08.2013 12:29, Paul Slootman wrote:
> On Tue 13 Aug 2013, Matthias Schniedermeyer wrote:
> > On 13.08.2013 09:52, Paul Slootman wrote:
> My mistake for assuming that people run current linux kernels...
>     /proc/sys/fs/protected_hardlinks (since Linux 3.6)
> 	When  the value in this file is 0, no restrictions are placed on
> 	the creation of hard links (i.e., this is the historical  behav???
> 	iour  before  Linux  3.6).   When the value in this file is 1, a
> 	hard link can be created to a target file only  if  one  of  the
> 	following conditions is true:
> I would suggest that upgrading the kernel is a better solution for the
> OP than patching rsync.  If your backup strategy involves backuping up
> files as root to a medium that is readable by everyone so that the link
> in the user's home directory is restorable as the user, then there are
> more problems waiting to happen besides this...

The kernel-option is more for the reason of "least surprise" than 

Most find it unexpected that you can hardlink anything you can reach.

BUT there is no direct vulnerability in that, only processes after that 
(like backup/rsync) can make a vulnerability out of it.
IOW hardlinking everything doesn't immediatly create a problem, it's 
when you do something else that is "unsafe" that results in the 
hardlinks beeing a problem.
Best example would be backup/restore where the restore blindly 
overwrites files (like rsync --inplace), that would restore the 
hardlinked original back the the earlier version, instead of a seperate 
file that contains the earlier version.
I'm assumg that the backup/restore processes runs as root, so has 
actually permission to do that.



More information about the rsync mailing list