samba-bugs@samba.org
2008-May-10 23:24 UTC
DO NOT REPLY [Bug 5457] New: Add a client-side --munge-symlinks option
https://bugzilla.samba.org/show_bug.cgi?id=5457
Summary: Add a client-side --munge-symlinks option
Product: rsync
Version: 3.0.3
Platform: Other
OS/Version: Linux
Status: NEW
Severity: enhancement
Priority: P3
Component: core
AssignedTo: wayned@samba.org
ReportedBy: matt@mattmccutchen.net
QAContact: rsync-qa@samba.org
Just as we have worked hard recently to secure daemons from untrusted clients,
I think we should try to secure clients that pull data from untrusted daemons.
One of the easiest ways a daemon could compromise a client is to send a symlink
to a sensitive area and a file under the symlink, e.g., "foo" ->
"/home/matt"
and "foo/.ssh/authorized_keys". This is essentially the same exploit
that
necessitates symlink munging for not-purely-chroot daemon modules, just turned
around.
I would like to be able to prevent this exploit while still storing some
representation of the daemon's symlinks in the destination. A natural way
to
support this would be to add a client-side option --munge-symlinks that munges
received symlinks and unmunges sent symlinks just like the daemon parameter.
(Of course, the prefix "/rsyncd-munged/" isn't quite accurate for
a client, but
let's use it anyway for compatibility.) --munge-symlinks would also make it
possible to work around bug 4037 when the receiver is not a daemon.
--
Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
samba-bugs@samba.org
2008-Jul-29 01:06 UTC
DO NOT REPLY [Bug 5457] Add a client-side --munge-symlinks option
https://bugzilla.samba.org/show_bug.cgi?id=5457
wayned@samba.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
Version|3.0.3 |3.1.0
------- Comment #1 from wayned@samba.org 2008-07-28 20:06 CST -------
This is now present in git repository for 3.1.0 development.
--
Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
Reasonably Related Threads
- DO NOT REPLY [Bug 4263] New: Symlinks gets corruped when rsyncd is used to 'put' the symlink.
- Puppet Error - Munge - Conf File
- Anyone using torque/pbs/munge?
- Rsync-daemon security advisories for writable daemons
- Rsync-daemon security advisories for writable daemons