https://bugzilla.samba.org/show_bug.cgi?id=5457
           Summary: Add a client-side --munge-symlinks option
           Product: rsync
           Version: 3.0.3
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: enhancement
          Priority: P3
         Component: core
        AssignedTo: [EMAIL PROTECTED]
        ReportedBy: [EMAIL PROTECTED]
         QAContact: [EMAIL PROTECTED]

Just as we have worked hard recently to secure daemons from untrusted clients, I think we should try to secure clients that pull data from untrusted daemons.

One of the easiest ways a daemon could compromise a client is to send a symlink to a sensitive area and a file under the symlink, e.g., "foo" -> "/home/matt" and "foo/.ssh/authorized_keys". This is essentially the same exploit that necessitates symlink munging for not-purely-chroot daemon modules, just turned around.

I would like to be able to prevent this exploit while still storing some representation of the daemon's symlinks in the destination. A natural way to support this would be to add a client-side option --munge-symlinks that munges received symlinks and unmunges sent symlinks just like the daemon parameter. (Of course, the prefix "/rsyncd-munged/" isn't quite accurate for a client, but let's use it anyway for compatibility.)

--munge-symlinks would also make it possible to work around bug 4037 when the receiver is not a daemon.
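
The effect of munging on the file list described in the report, as an added example (not part of the original report and not rsync's code). The `receive` and `demo` helpers are hypothetical, a temporary directory stands in for "/home/matt", munging is modelled as prepending the "/rsyncd-munged/" prefix to the link target, and the example assumes that directory does not exist on the machine.

```python
import os
import tempfile

SYMLINK_PREFIX = "/rsyncd-munged/"  # prefix named in the report


def munge(target):
    """Receiving side: prefix the target so the stored link dangles."""
    return SYMLINK_PREFIX + target


def unmunge(target):
    """Sending side: restore the original target; other targets pass through."""
    if target.startswith(SYMLINK_PREFIX):
        return target[len(SYMLINK_PREFIX):]
    return target


def receive(dest, entries, munge_links):
    """Naive receiver (hypothetical, not rsync's logic); returns paths it could not write."""
    failed = []
    for kind, rel, payload in entries:
        path = os.path.join(dest, rel)
        try:
            if kind == "link":
                os.symlink(munge(payload) if munge_links else payload, path)
            else:
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "w") as fh:
                    fh.write(payload)
        except OSError:
            failed.append(rel)
    return failed


def demo(munge_links):
    """Apply the report's two entries inside constructed temp directories."""
    with tempfile.TemporaryDirectory() as root:
        sensitive = os.path.join(root, "home-matt")  # stand-in for /home/matt
        dest = os.path.join(root, "dest")
        os.mkdir(sensitive)
        os.mkdir(dest)
        entries = [("link", "foo", sensitive),
                   ("file", "foo/.ssh/authorized_keys", "constructed sample\n")]
        failed = receive(dest, entries, munge_links)
        escaped = os.path.exists(os.path.join(sensitive, ".ssh", "authorized_keys"))
        stored = os.readlink(os.path.join(dest, "foo"))
        return escaped, failed, unmunge(stored) == sensitive
```

`demo(False)` shows the file landing outside the destination; `demo(True)` shows the write failing on the dangling link while the stored target still unmunges to the original.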