unnecessary /proc requirement in 3.1.1

Fyodorov "Bga" Alexander bga.email at gmail.com
Sat Aug 1 11:21:40 UTC 2015


Hi. Thanks for good program.

I'm quite paranoid guy and dont beleave when some program offer me "use
chroot = yes". Instead i jail program manually.
I was at 3.0.9 and all was fine. Manual chroot only requires files dir,
config and personal tmp. 3.1.1 now also want whole /proc only for
/proc/self/fd/X instead just fd number. Whole /proc is  serious security
risk for me. Why?

starce log
lstat64("tt", {st_mode=S_IFDIR|S_ISGID|0755, st_size=4096, ...}) = 0
fstatat64(AT_FDCWD, "tt", {st_mode=S_IFDIR|S_ISGID|0755, st_size=4096,
...}, AT
_SYMLINK_NOFOLLOW) = 0
openat(AT_FDCWD, "tt", O_RDONLY|O_NOCTTY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 2
fstatat64(AT_FDCWD, "/proc/self/fd/2", 0x5bafe7f0, 0) = -1 ENOENT (No
such file
 or directory)
close(2)                                = 0
getpid()                                = 1395
sendto(0, "<28>Aug  1 00:35:51 rsyncd[1395]"..., 117, 0, NULL, 0) = -1
ENOTCONN
 (Socket not connected)
connect(0, {sa_family=AF_LOCAL, sun_path="/dev/log"}, 12) = -1 ENOENT
(No such
file or directory)
select(4, [1], [3], [1], {60, 0})       = 1 (out [3], left {59, 999915})
write(3, "V\0\0\10rsync: failed to set permiss"..., 361) = 361



-- 
Alexander.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/rsync/attachments/20150801/3c0d587a/attachment.html>


More information about the rsync mailing list