Fwd: Re: need help with an rsync patch
Matthias Schniedermeyer
ms at citd.de
Tue Aug 13 09:26:59 MDT 2013
On 13.08.2013 20:44, Sherin A wrote:
> On Tuesday 13 August 2013 05:50 PM, Paul Slootman wrote:
> >On Tue 13 Aug 2013, Matthias Schniedermeyer wrote:
> >>BUT there is no direct vulnerability in that, only processes after that
> >>(like backup/rsync) can make a vulnerability out of it.
> >... which is what I already wrote.
> >
> >
> >Paul
> So the solutions is to upgrade the kernel to 3.6 in all Operating
> systems installations. ? If it is one server , then it was a
> solution. Is it possible to add a flag to exclude hard inks of
> regular file instead of waiting the OS vendors for updating there
> kernel to 3.6
The other solution, if possible, is using separate
root/data(/whatever)-fileystems.
As hardlinks only work inside a single filesystem, if you can
separate different things you significantly reduce the problematic
cases.
The described "problem" with /etc/shadow can be prevented by that, if
the file isn't on the same filesytem, it can't be hardlinked.
The advantage of this solution is that it workes for (all) older
kernels.
--
Matthias
More information about the rsync
mailing list