Hi. Thanks for a good program.

I'm quite a paranoid guy and don't believe it when some program offers me "use chroot = yes". Instead I jail the program manually. I was at 3.0.9 and all was fine. Manual chroot only requires the files dir, config and a personal tmp. 3.1.1 now also wants the whole /proc, only for /proc/self/fd/X instead of just the fd number. Whole /proc is a serious security risk for me. Why?

strace log

lstat64("tt", {st_mode=S_IFDIR|S_ISGID|0755, st_size=4096, ...}) = 0
fstatat64(AT_FDCWD, "tt", {st_mode=S_IFDIR|S_ISGID|0755, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
openat(AT_FDCWD, "tt", O_RDONLY|O_NOCTTY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 2
fstatat64(AT_FDCWD, "/proc/self/fd/2", 0x5bafe7f0, 0) = -1 ENOENT (No such file or directory)
close(2) = 0
getpid() = 1395
sendto(0, "<28>Aug 1 00:35:51 rsyncd[1395]"..., 117, 0, NULL, 0) = -1 ENOTCONN (Socket not connected)
connect(0, {sa_family=AF_LOCAL, sun_path="/dev/log"}, 12) = -1 ENOENT (No such file or directory)
select(4, [1], [3], [1], {60, 0}) = 1 (out [3], left {59, 999915})
write(3, "V\0\0\10rsync: failed to set permiss"..., 361) = 361

--
Alexander.
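The syscall sequence from the strace log in the message above, as an added example that is not part of the original thread or of rsync's code: it repeats the O_PATH open followed by the /proc/self/fd/N lookup, so the ENOENT can be checked inside a given root, and does the same stat with AT_EMPTY_PATH, which needs no /proc. The function names and the fallback constants are assumptions of this example.

```c
#define _GNU_SOURCE            /* O_PATH, AT_EMPTY_PATH */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

#ifndef O_PATH                 /* fallback if _GNU_SOURCE came too late */
#define O_PATH 010000000       /* value on x86 and ARM Linux */
#endif
#ifndef AT_EMPTY_PATH
#define AT_EMPTY_PATH 0x1000
#endif

/* Same flags as the openat() call in the strace log. */
#define PATH_FD_FLAGS (O_RDONLY | O_NOCTTY | O_NOFOLLOW | O_CLOEXEC | O_PATH)

/* Repeats the logged sequence: O_PATH handle, then stat through
 * /proc/self/fd/N. Returns 0 or the errno of the failing call;
 * ENOENT is what a root without /proc produces. */
int stat_via_proc_fd(const char *path, struct stat *st)
{
    char link[64];
    int rc, fd = openat(AT_FDCWD, path, PATH_FD_FLAGS);
    if (fd < 0)
        return errno;
    snprintf(link, sizeof link, "/proc/self/fd/%d", fd);
    rc = fstatat(AT_FDCWD, link, st, 0) == 0 ? 0 : errno;
    close(fd);
    return rc;
}

/* The same metadata lookup on the handle itself, with no /proc needed
 * (Linux 2.6.39 or later). */
int stat_via_empty_path(const char *path, struct stat *st)
{
    int rc, fd = openat(AT_FDCWD, path, PATH_FD_FLAGS);
    if (fd < 0)
        return errno;
    rc = fstatat(fd, "", st, AT_EMPTY_PATH) == 0 ? 0 : errno;
    close(fd);
    return rc;
}

int main(int argc, char **argv)
{
    struct stat st;
    const char *p = argc > 1 ? argv[1] : ".";
    printf("via /proc/self/fd: errno %d\n", stat_via_proc_fd(p, &st));
    printf("via AT_EMPTY_PATH: errno %d\n", stat_via_empty_path(p, &st));
    return 0;
}
```

Run inside the jail, the first line reports errno 2 (ENOENT) when /proc is absent while the second still reports 0.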
On Sat, Aug 1, 2015 at 4:21 AM, Fyodorov "Bga" Alexander <bga.email at gmail.com> wrote:

> Whole /proc is serious security risk for me. Why?

You'll have to ask your system libraries that question, since it is them that are querying /proc. Your extra chrooting is forcing even the root-level actions (socket connections, etc) to be chrooted, not just the user actions (transfers and such). So, either the libraries have changed in what they decide to look for in the environment or an additional library call in the more modern rsync is triggering that check. Nothing in rsync uses /proc.

..wayne..
Fyodorov "Bga" Alexander wrote:

> Hi. Thanks for good program.
>
> Whole /proc is serious security
> risk for me. Why?

----

You could run rsync in a separate namespace (container) and only mount /proc in the new namespace -- other users wouldn't see it..

Bunch of tools 'lxc-xxxxx'

URL         : http://linuxcontainers.org/
Summary     : Userspace tools for the Linux kernel containers
Description : It provides commands to create and manage containers. It contains a full featured container with the isolation/virtualization of the pids, the ipc, the utsname, the mount points, /proc, /sys, the network and it takes into account the control groups. It is very light, flexible, and provides a set of tools around the container like the monitoring with asynchronous events notification, or the freeze of the container. This package is useful to create Virtual Private Server, or to run isolated applications like bash or sshd.