Fwd: Re: need help with an rsync patch
Matthias Schniedermeyer
ms at citd.de
Tue Aug 13 06:16:37 MDT 2013
On 13.08.2013 12:29, Paul Slootman wrote:
> On Tue 13 Aug 2013, Matthias Schniedermeyer wrote:
> > On 13.08.2013 09:52, Paul Slootman wrote:
>
> My mistake for assuming that people run current linux kernels...
>
> /proc/sys/fs/protected_hardlinks (since Linux 3.6)
> When the value in this file is 0, no restrictions are placed on
> the creation of hard links (i.e., this is the historical
> behaviour before Linux 3.6). When the value in this file is 1, a
> hard link can be created to a target file only if one of the
> following conditions is true:
>
> I would suggest that upgrading the kernel is a better solution for the
> OP than patching rsync. If your backup strategy involves backing up
> files as root to a medium that is readable by everyone so that the link
> in the user's home directory is restorable as the user, then there are
> more problems waiting to happen besides this...

The kernel-option is more for the reason of "least surprise" than
anything.

Most find it unexpected that you can hardlink anything you can reach.
BUT there is no direct vulnerability in that, only processes after that
(like backup/rsync) can make a vulnerability out of it.

IOW hardlinking everything doesn't immediately create a problem, it's
when you do something else that is "unsafe" that results in the
hardlinks being a problem.

Best example would be backup/restore where the restore blindly
overwrites files (like rsync --inplace), that would restore the
hardlinked original back to the earlier version, instead of a separate
file that contains the earlier version.

I'm assuming that the backup/restore process runs as root, so has
actually permission to do that.

--
Matthias
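
The restore scenario described in the message above, as an added example that is not part of the original thread: it contrasts an in-place overwrite with a write-then-rename restore on a hard-linked file, and includes a link-count check a restore job could run first. All file names and contents are constructed, and everything happens in a temporary directory.

```python
import os
import tempfile


def restore_in_place(backup_bytes, dest):
    """Overwrite dest's existing inode, as an in-place restore does."""
    with open(dest, "r+b") as f:
        f.write(backup_bytes)
        f.truncate()


def restore_via_rename(backup_bytes, dest):
    """Write a new file next to dest and rename it over dest (new inode)."""
    tmp = dest + ".restore-tmp"
    with open(tmp, "wb") as f:
        f.write(backup_bytes)
    os.replace(tmp, dest)


def has_other_links(path):
    """Pre-restore check: True if the inode is reachable under another name."""
    return os.lstat(path).st_nlink > 1


def demo(restore):
    """Return (content seen through the original name, still same inode?)."""
    with tempfile.TemporaryDirectory() as d:
        original = os.path.join(d, "original")   # constructed: the linked-to file
        link = os.path.join(d, "home-link")      # constructed: hard link to it
        with open(original, "wb") as f:
            f.write(b"current version\n")
        os.link(original, link)
        assert has_other_links(link)
        # The backup holds an earlier version under the link's name.
        restore(b"earlier version\n", link)
        with open(original, "rb") as f:
            content = f.read()
        return content, os.path.samefile(original, link)


if __name__ == "__main__":
    print("in place:", demo(restore_in_place))
    print("rename:  ", demo(restore_via_rename))
```

The in-place restore changes the content seen through the original name because both names share one inode; the rename restore leaves the original untouched and breaks the link.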