On Tuesday 13 August 2013 12:23 PM, Joe wrote:
> Is there any way at all to say which is the original file and which is
> the hard link? I'll bet there isn't, although I'm not an internals guy
> at all. If so, this would be impossible to do. The inode is the
> "original", but all the file table entries to it are hard links (if
> they're not symlinks.)
>
> I guess the question is, what do you really want to accomplish?
>
> The fact that more than one hard link exists probably means it really
> does need to be backed up - or that the hard link shouldn't be there in
> the original file system.
>
> Joe
>
> On 08/13/2013 01:11 AM, Sherin A wrote:
>> Can someone create a patch for excluding "hard link regular file"
>> from copying? Maybe like a command flag, rsync
>> --no-hardlink-copy ....
>>

Hello Joe,

I think it is possible to check whether a file is a regular file or has more than one link (you can check it with the stat system call).

The situation is that we have an rsync command on a server which copies the files of local users into a remote server / filesystem. It also has the ability to restore them; it is a simple backup. But if a user creates a hard link to /etc/shadow from his home dir and then requests a restore, he can read the shadow file and decrypt it. So an option to avoid hard links during the copy process would add extra security; it only needs the following check condition:

1) Check whether the file that is going to be copied is a regular file or has more than 1 link.

We have also checked a lot of other third-party software that uses this rsync too, all of which have this race condition exploit. Let me know if you need a POC.

--
--------------------------------------
Regards
Sherin A
http://www.sherin.co.in/
On Tue 13 Aug 2013, Sherin A wrote:
> But if a user creates a
> hard link to /etc/shadow from his home dir, and he requests a restore,
> then he can read the shadow file and decrypt it.

If he can make a HARD link to the shadow file, then he can already read it - and worse.

Paul
On Wednesday 14 August 2013 08:29 PM, Justin Pryzby wrote:
> On Wed, Aug 14, 2013 at 04:09:46PM +0530, Sherin A wrote:
>> On Tuesday 13 August 2013 10:24 PM, Justin T Pryzby wrote:
>>>> PS: if anyone is interested in making a patch with an additional
>>>> option for rsync for excluding hardlinks with -links +1 links,
>>>> please help me; it is easy to check the file with an lstat / stat
>>>> system call. Or is it possible to get developer documentation for
>>>> rsync with the detailed info?
>>> You could do that with --exclude, but first, think about the
>>> implications of that. Your users could make hardlinks to system
>>> files and to files owned by other users (which they can stat) and
>>> that would cause rsync to avoid backing up those files (by either
>>> name, since link count is shared between all links, of course).
>>>
>>> Justin
>> Any further information related to this?
> On what? How to implement with --exclude? Or how users could cause
> files to be not backed up, making such an implementation a terrible
> idea?
>
> Justin (off list)

It won't work with --exclude, because

1) we are identifying all hardlinks with the find command and placing them in a text file for a user
2) then we do the rsync with --exclude-from=somefile.txt

But how do we solve the timed race condition that happens in between the above two steps, as follows:

hax at hax.com [~/hax]# for i in {1..5000}; do ln -f /etc/shadow $i; done

Still, the only solution is to embed the option to avoid hardlinks if needed.

--
--------------------------------------
Regards
Sherin A
http://www.sherin.co.in/
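The link-count check proposed in the first message and the find-then-rsync race raised in the last one, as an added example that is not part of the thread and not rsync's code: a C routine that opens the candidate file first and judges it with fstat() on the open descriptor, so relinking the path after the check cannot change what gets copied. The names open_for_backup, copy_verdict and self_check are this example's own, built against plain POSIX rather than rsync's internals.

```c
/* Added example, not rsync code: decide from an open descriptor whether a path
 * is a single-link regular file. fstat() on the fd, not stat() on the path. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum copy_verdict {
    COPY_OK = 0,        /* regular file, st_nlink == 1: copy it */
    SKIP_HARDLINKED,    /* regular file, st_nlink > 1: do not copy */
    SKIP_NOT_REGULAR,   /* symlink, directory, device, FIFO, ...: do not copy */
    SKIP_OPEN_FAILED    /* open() or fstat() failed, e.g. EACCES */
};

/* On COPY_OK, *fd_out is an open fd the caller copies from and then closes. */
enum copy_verdict open_for_backup(const char *path, int *fd_out)
{
    struct stat st;
    /* O_NOFOLLOW: a symlink as the last component fails with ELOOP.
     * O_NONBLOCK: an open() on a FIFO must not stall the backup run. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return errno == ELOOP ? SKIP_NOT_REGULAR : SKIP_OPEN_FAILED;
    if (fstat(fd, &st) < 0)   { close(fd); return SKIP_OPEN_FAILED; }
    if (!S_ISREG(st.st_mode)) { close(fd); return SKIP_NOT_REGULAR; }
    if (st.st_nlink > 1)      { close(fd); return SKIP_HARDLINKED; }
    *fd_out = fd;
    return COPY_OK;
}

/* Constructed fixture in /tmp: a fresh file is copyable, the same file with a
 * second hard link is skipped, a symlink to it is skipped. Returns 1 if all match. */
int self_check(void)
{
    char base[] = "/tmp/nlink_demo_XXXXXX", hl[64], sl[64];
    int fd = -1, ok = 1, t = mkstemp(base);
    if (t < 0) return 0;
    close(t);
    snprintf(hl, sizeof hl, "%s.hl", base);
    snprintf(sl, sizeof sl, "%s.sl", base);
    ok &= open_for_backup(base, &fd) == COPY_OK; if (fd >= 0) close(fd);
    ok &= link(base, hl) == 0 && open_for_backup(base, &fd) == SKIP_HARDLINKED;
    ok &= symlink(base, sl) == 0 && open_for_backup(sl, &fd) == SKIP_NOT_REGULAR;
    unlink(hl); unlink(sl); unlink(base);
    return ok;
}
```

The copy itself must read from the returned descriptor; re-opening by path after the verdict would reintroduce the window the loop in the last message exploits.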