Unfortunate results from fake-super

Dave Gordon dg32768 at zoho.eu
Sat Feb 3 13:20:10 UTC 2018

When using fake-super mode in an rsync receiver, anything that's neither a
file nor a directory (e.g. devices, symlinks, etc) is converted into a file,
and properties such as original ownership, filetype, and permissions are
stored in a specific extended attribute.

In the case of a symlink, the contents of the link are stored in a plain
file. The original mode of the symlink is normally irrelevant, because
(Linux) hosts ignore a symlink's mode and use that of the target instead.
But in fake-super mode, the original mode of the link itself (usually
0120777) is used to set the permissions on the receiver's plain-file copy.

This results in the copy being world-writable. If this plain file is altered
and then transferred back to the origin, the resulting symlink can point to
an arbitrary path, which leads to potential security issues.


This was first observed in version 3.1.1 on kubuntu, but is still the same
in version 3.1.3 as of 28 Jan 2018.
See also  Storing-ownership-device-nodes-without-root


Sent from: http://samba.2283325.n4.nabble.com/Samba-rsync-f2500462.html

More information about the rsync mailing list