Full Disclosure mailing list archives
Re: File system recursion and symlinks: A never-ending story (and how to bring it to an end for me)
From: halfdog <me () halfdog net>
Date: Tue, 31 May 2011 11:24:35 +0000
coderman wrote:
On Mon, May 30, 2011 at 9:22 PM, Andrew Farmer <andfarm () gmail com> wrote:... You'd think so, but it turns out that --safe-links only affects symlinks *within* the tree being synced.sure. i should have pointed out the -L in there - that's the one that will prevent the condition you describe. --safe-links is simply another good practice by default. also, don't rsync from arbitrary locations that differ from backup and restore. use include-files or exclude-files to control what you care about... (we could go on like this, if you like. for example, extended attributes. your turn. ;)
My manpage says -L and --safe-links is the same, but using both for testing. # -a is -rlptgoD, only use -r (recursive) -p (preserve perms), # -t (preserve timestamps), -g (preserve group), -o (preserve owner), # not adding -l (copy links) and -D (preserve devices) So test case is, should that be save? rsync -L --safe-links -rptgo xxx/test/root /home/test Still creates arbitrary files outside /home/test, when user test wants it to. Creation of /etc/cron.d/xxxxbad does not work, since crond will not accept the file when uid!=0. But adding of backdoor ls in /sbin is ok, so root will use that because earlier in PATH. (uid=0 bash does not care calling executables with uid!=0 if in PATH) -- http://www.halfdog.net/ PGP: 156A AE98 B91F 0114 FE88 2BD8 C459 9386 feed a bee _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: File system recursion and symlinks: A never-ending story (and how to bring it to an end for me), (continued)
- Re: File system recursion and symlinks: A never-ending story (and how to bring it to an end for me) coderman (May 30)
- Re: File system recursion and symlinks: A never-ending story (and how to bring it to an end for me) Andrew Farmer (May 30)
- Re: File system recursion and symlinks: A never-ending story (and how to bring it to an end for me) coderman (May 30)
- Re: File system recursion and symlinks: A never-ending story (and how to bring it to an end for me) coderman (May 30)
- [Security Tool] INSECT Pro 2.6.1 is here Juan Sacco (May 30)
- Re: [Security Tool] INSECT Pro 2.6.1 is here Jeff Blaum (May 31)
- Re: [Security Tool] INSECT Pro 2.6.1 is here Peter Osterberg (May 31)
- Re: [Security Tool] INSECT Pro 2.6.1 is here ichib0d crane (May 31)
- Re: File system recursion and symlinks: A never-ending story (and how to bring it to an end for me) Andrew Farmer (May 30)
- Re: File system recursion and symlinks: A never-ending story (and how to bring it to an end for me) Valdis . Kletnieks (May 31)
- Re: File system recursion and symlinks: A never-ending story (and how to bring it to an end for me) coderman (May 30)
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Re: File system recursion and symlinks: A never-ending story (and how to bring it to an end for me) halfdog (May 31)
- Message not available
- Message not available
- Message not available
- Message not available
- Re: File system recursion and symlinks: A never-ending story (and how to bring it to an end for me) halfdog (May 31)
- Re: File system recursion and symlinks: A never-ending story (and how to bring it to an end for me) coderman (May 30)