samba-bugs@samba.org
2008-May-10 23:24 UTC
DO NOT REPLY [Bug 5457] New: Add a client-side --munge-symlinks option
https://bugzilla.samba.org/show_bug.cgi?id=5457
Summary: Add a client-side --munge-symlinks option
Product: rsync
Version: 3.0.3
Platform: Other
OS/Version: Linux
Status: NEW
Severity: enhancement
Priority: P3
Component: core
AssignedTo: wayned@samba.org
ReportedBy: matt@mattmccutchen.net
QAContact: rsync-qa@samba.org
Just as we have worked hard recently to secure daemons from untrusted clients,
I think we should try to secure clients that pull data from untrusted daemons.
One of the easiest ways a daemon could compromise a client is to send a symlink
to a sensitive area and a file under the symlink, e.g., "foo" -> "/home/matt"
and "foo/.ssh/authorized_keys". This is essentially the same exploit that
necessitates symlink munging for not-purely-chroot daemon modules, just turned
around.

I would like to be able to prevent this exploit while still storing some
representation of the daemon's symlinks in the destination. A natural way to
support this would be to add a client-side option --munge-symlinks that munges
received symlinks and unmunges sent symlinks just like the daemon parameter.
(Of course, the prefix "/rsyncd-munged/" isn't quite accurate for a client, but
let's use it anyway for compatibility.) --munge-symlinks would also make it
possible to work around bug 4037 when the receiver is not a daemon.
--
Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
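
The effect of the munging requested above, as an added example that is not part of the original bug report or of rsync's code: a toy receiver applies the report's two entries inside a temporary directory, once with symlink targets stored as sent and once with the "/rsyncd-munged/" prefix prepended. The `receive` and `demo` helpers and the sample file list are hypothetical, munging is modelled as a plain prefix, and the example assumes no `/rsyncd-munged` directory exists on the host.

```python
import os
import tempfile

MUNGE_PREFIX = "/rsyncd-munged/"  # prefix quoted in the bug report

def munge(target):
    # Simplified model: prepend the prefix so the link points under a
    # directory that is assumed not to exist on the receiving host.
    return MUNGE_PREFIX + target

def unmunge(target):
    # Strip the prefix again when the symlink is sent back out.
    return target[len(MUNGE_PREFIX):] if target.startswith(MUNGE_PREFIX) else target

def receive(dest, entries, munge_symlinks):
    """Hypothetical toy receiver; returns the paths that could not be created."""
    failed = []
    for kind, path, data in entries:
        full = os.path.join(dest, path)
        try:
            if kind == "symlink":
                os.symlink(munge(data) if munge_symlinks else data, full)
            else:
                os.makedirs(os.path.dirname(full), exist_ok=True)
                with open(full, "w") as fh:
                    fh.write(data)
        except OSError:
            failed.append(path)
    return failed

def demo(munge_symlinks):
    """Returns (file landed outside dest, failed paths, original target recoverable)."""
    with tempfile.TemporaryDirectory() as root:
        outside = os.path.join(root, "home")  # constructed stand-in for /home/matt
        dest = os.path.join(root, "dest")
        os.mkdir(outside)
        os.mkdir(dest)
        entries = [  # constructed file list: the two entries from the report
            ("symlink", "foo", outside),
            ("file", "foo/.ssh/authorized_keys", "constructed sample\n"),
        ]
        failed = receive(dest, entries, munge_symlinks)
        escaped = os.path.exists(os.path.join(outside, ".ssh", "authorized_keys"))
        stored = os.readlink(os.path.join(dest, "foo"))
        return escaped, failed, unmunge(stored) == outside

if __name__ == "__main__":
    print("no munging:", demo(False))
    print("munging:   ", demo(True))
```

With munging the stored link is dangling, so the write beneath it fails instead of leaving the destination tree, while `unmunge` still recovers the target the sender supplied.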
samba-bugs@samba.org
2008-Jul-29 01:06 UTC
DO NOT REPLY [Bug 5457] Add a client-side --munge-symlinks option
https://bugzilla.samba.org/show_bug.cgi?id=5457
wayned@samba.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
Version|3.0.3 |3.1.0
------- Comment #1 from wayned@samba.org 2008-07-28 20:06 CST -------
This is now present in git repository for 3.1.0 development.