samba-bugs@samba.org
2008-May-08 01:19 UTC
DO NOT REPLY [Bug 4561] Add options --tweak, --no-tweak, --no-tweak-hlinked
https://bugzilla.samba.org/show_bug.cgi?id=4561

------- Comment #5 from sites-samba@carlthompson.net 2008-05-07 20:19 CST -------
See bug #5448.

--
Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
samba-bugs@samba.org
2008-May-08 04:19 UTC
DO NOT REPLY [Bug 4561] Add options --tweak, --no-tweak, --no-tweak-hlinked
https://bugzilla.samba.org/show_bug.cgi?id=4561

------- Comment #6 from matt@mattmccutchen.net 2008-05-07 23:20 CST -------
Note that, as currently implemented, --no-tweak does not prevent tweaking of non-directories when the destination is subject to malicious concurrent modification: someone can replace a directory or new file whose attributes rsync is about to set with a hard link to an existing file. The following set of changes would fix this:

1. Use a secure --temp-dir.
2. Use temporary files for all non-directories in the same way as for regular files.
3. To tweak a directory, open it, fstat the fd to check that it refers to a directory (i.e., the directory wasn't concurrently replaced), and then set attributes with f* calls on the fd.

This is secure because all rsync's attribute-setting calls are either in the temp dir, where a concurrent rsync won't replace files, or on fds that rsync has verified to refer to directories. For extra protection, the wrappers for path-based attribute-setting calls in syscall.c could be enhanced to check that the path is in the temp dir.

#1 is its own option. A simple approach to integrating #2 and #3 would be to simply add them to --no-tweak. However, #2 is useful even without --no-tweak to ensure that a destination path always exists while it is being updated. Furthermore, --no-tweak is useful without #3 when there is no concurrent modification but a process that opens a destination file and fstats it twice must not see the attributes change. Thus, for maximum flexibility, I propose making #2 its own option, --stage-all, and adding an option --secure-no-tweak that includes --no-tweak, --stage-all, #3, and a check that the user specified a temp dir that appears to be outside the destination (begins with / or ..).

The daemon parameter in bug 5448 would correspond to --secure-no-tweak and would come with a daemon temp dir that appears to be outside the *module*; of course, that is only possible when the module path isn't purely a chroot.
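Item 3 of comment #6 (open the directory, fstat the fd, then use only f* calls), as an added example that is not rsync code and not part of the bug thread. The helper name tweak_dir_by_fd and the O_NOFOLLOW and O_NONBLOCK open flags are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example, not rsync source. Hypothetical helper: set mode and times on
 * `path` only if the object actually opened is a directory. 0, or -1 + errno. */
int tweak_dir_by_fd(const char *path, mode_t mode, const struct timespec ts[2])
{
    struct stat st;
    int saved;
    /* O_NOFOLLOW rejects a symlink swapped in as the last path component;
     * O_NONBLOCK keeps open() from hanging if a FIFO was swapped in. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* Check the fd, not the path: the fd stays bound to the inode it opened. */
    if (fstat(fd, &st) != 0)
        goto fail;
    if (!S_ISDIR(st.st_mode)) {   /* e.g. a hard link to an existing file */
        errno = ENOTDIR;
        goto fail;
    }
    /* f* calls only, so no path is resolved a second time. */
    if (fchmod(fd, mode) != 0 || futimens(fd, ts) != 0)
        goto fail;
    close(fd);
    return 0;
fail:
    saved = errno;
    close(fd);
    errno = saved;
    return -1;
}

int main(int argc, char **argv)
{
    /* UTIME_OMIT leaves both timestamps unchanged; only the mode is set. */
    const struct timespec keep[2] = { {.tv_nsec = UTIME_OMIT}, {.tv_nsec = UTIME_OMIT} };
    if (argc != 2)
        return 2;                       /* usage: prog DIR */
    if (tweak_dir_by_fd(argv[1], 0755, keep) == 0)
        return 0;
    perror(argv[1]);
    return 1;
}
```

A path-based chmod() at the same point would have changed the mode of whatever inode the name pointed to at that instant, including a file hard-linked into place.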
samba-bugs@samba.org
2008-May-08 12:48 UTC
DO NOT REPLY [Bug 4561] Add options --tweak, --no-tweak, --no-tweak-hlinked
https://bugzilla.samba.org/show_bug.cgi?id=4561

sites-samba@carlthompson.net changed:

           What            |Removed |Added
----------------------------------------------------------------------------
                         CC|        |sites-samba@carlthompson.net
   OtherBugsDependingOnThis|5448    |5449

------- Comment #7 from sites-samba@carlthompson.net 2008-05-08 07:48 CST -------
I think you mean to reference bug 5449 (not 5448).
samba-bugs@samba.org
2008-May-08 12:54 UTC
DO NOT REPLY [Bug 4561] Add options --tweak, --no-tweak, --no-tweak-hlinked
https://bugzilla.samba.org/show_bug.cgi?id=4561

matt@mattmccutchen.net changed:

           What            |Removed |Added
----------------------------------------------------------------------------
   OtherBugsDependingOnThis|5449    |5448

------- Comment #8 from matt@mattmccutchen.net 2008-05-08 07:54 CST -------
No, I do mean bug 5448, because the daemon parameter there is another form of the --no-tweak/--secure-no-tweak option here. The daemon link-dest parameter of bug 5449 is not directly related to the --*tweak options although they are useful together.