Unfortunate results from fake-super

Dave Gordon dg32768 at zoho.eu
Sat Feb 3 13:20:10 UTC 2018


When using fake-super mode in an rsync receiver, anything that's neither a
file nor a directory (e.g. devices, symlinks, etc) is converted into a file,
and properties such as original ownership, filetype, and permissions are
stored in a specific extended attribute.

In the case of a symlink, the contents of the link are stored in a plain
file. The original mode of the symlink is normally irrelevant, because
(Linux) hosts ignore a symlink's mode and use that of the target instead.
But in fake-super mode, the original mode of the link itself (usually
0120777) is used to set the permissions on the receiver's plain-file copy.

This results in the copy being world-writable. If this plain file is altered
and then transferred back to the origin, the resulting symlink can point to
an arbitrary path, which leads to potential security issues.

Example:

This was first observed in version 3.1.1 on kubuntu, but is still the same
in version 3.1.3 as of 28 Jan 2018.
See also  Storing-ownership-device-nodes-without-root
<http://samba.2283325.n4.nabble.com/Storing-ownership-device-nodes-without-root-td2503256.html#a2503261>  

.Dave.



--
Sent from: http://samba.2283325.n4.nabble.com/Samba-rsync-f2500462.html



More information about the rsync mailing list