Fwd: Re: need help with an rsync patch

Matthias Schniedermeyer ms at citd.de
Tue Aug 13 06:36:53 MDT 2013

On 13.08.2013 14:20, Paul Slootman wrote:
> On Tue 13 Aug 2013, Matthias Schniedermeyer wrote:
> > 
> > BUT there is no direct vulnerability in that, only processes after that 
> > (like backup/rsync) can make a vulnerability out of it.
> ... which is what I already wrote.

I read your sentence differently:

> If he can make a HARD link to the shadow file, then he can already 
> read it - and worse.

My understanding of your sentence says:
The ability to hardlink, means that anyone can read any file they can 
make a hardlink to.

Having access to the directory entry is not the same as having access to 
the inode. User/group/permission is on the inode NOT the 



More information about the rsync mailing list