authorDavid Dykstra <dwd@samba.org>1999-03-01 21:22:54 +0000
committerDavid Dykstra <dwd@samba.org>1999-03-01 21:22:54 +0000
commit5afd8aedce004cc11700285c16ea84f1e857d473 (patch)
treedf5f66754bd4510b3a194f1b007e8214f437d185
parent86692050b54b16e5b289ddeacbb59f890455cca7 (diff)
downloadrsync-5afd8aedce004cc11700285c16ea84f1e857d473.tar.gz
Change the mask used when creating temporary files from 777 to 700, to prevent
an obscure race-condition security hole where a file may for a short time have the wrong group. Could have used 707 instead but that's just too weird of a permission. The define name used to be ACCESSPERMS but that is defined as 777 on Linux, so changed the name to INITPERMMASK.
-rw-r--r--receiver.c4
-rw-r--r--rsync.c4
-rw-r--r--rsync.h7
3 files changed, 8 insertions, 7 deletions
diff --git a/receiver.c b/receiver.c
index 378364c4..d941fa2b 100644
--- a/receiver.c
+++ b/receiver.c
@@ -414,12 +414,12 @@ int recv_files(int f_in,struct file_list *flist,char *local_name,int f_gen)
the lchown. Thanks to snabb@epipe.fi for pointing
this out */
fd2 = do_open(fnametmp,O_WRONLY|O_CREAT|O_EXCL,
- file->mode & ACCESSPERMS);
+ file->mode & INITPERMMASK);
if (fd2 == -1 && relative_paths && errno == ENOENT &&
create_directory_path(fnametmp) == 0) {
fd2 = do_open(fnametmp,O_WRONLY|O_CREAT|O_EXCL,
- file->mode & ACCESSPERMS);
+ file->mode & INITPERMMASK);
}
if (fd2 == -1) {
rprintf(FERROR,"cannot create %s : %s\n",fnametmp,strerror(errno));
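Review bot: With the mask narrowed to 0700, both `do_open` calls here create the temporary file with no group or other bits, and the only chmod visible in this commit that would restore them (the `set_perms` hunk in rsync.c) is gated on `preserve_perms`. If no other path resets the mode, a transfer without permission preservation would leave the destination owner-only rather than following the umask. The same applies to the `copy_file(fnametmp,fname, file->mode & INITPERMMASK)` call in `finish_transfer`. This is inferred from the visible lines only, since the bodies of `recv_files` and `set_perms` continue outside the hunks, so it is worth confirming. If it holds, add a final chmod to the umask-filtered source mode once ownership is settled, which keeps the race closed without changing the resulting permissions.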
diff --git a/rsync.c b/rsync.c
index 178dc523..1d62abc4 100644
--- a/rsync.c
+++ b/rsync.c
@@ -202,7 +202,7 @@ int set_perms(char *fname,struct file_struct *file,STRUCT_STAT *st,
#ifdef HAVE_CHMOD
if (preserve_perms && !S_ISLNK(st->st_mode) &&
(st->st_mode != file->mode ||
- (updated && (file->mode & ~ACCESSPERMS)))) {
+ (updated && (file->mode & ~INITPERMMASK)))) {
updated = 1;
if (do_chmod(fname,file->mode) != 0) {
rprintf(FERROR,"failed to set permissions on %s : %s\n",
@@ -260,7 +260,7 @@ void finish_transfer(char *fname, char *fnametmp, struct file_struct *file)
if (errno == EXDEV) {
/* rename failed on cross-filesystem link.
Copy the file instead. */
- if (copy_file(fnametmp,fname, file->mode & ACCESSPERMS)) {
+ if (copy_file(fnametmp,fname, file->mode & INITPERMMASK)) {
rprintf(FERROR,"copy %s -> %s : %s\n",
fnametmp,fname,strerror(errno));
} else {
diff --git a/rsync.h b/rsync.h
index 92ba2561..92823bbc 100644
--- a/rsync.h
+++ b/rsync.h
@@ -462,9 +462,10 @@ extern int errno;
#define IS_DEVICE(mode) (S_ISCHR(mode) || S_ISBLK(mode) || S_ISSOCK(mode) || S_ISFIFO(mode))
-#ifndef ACCESSPERMS
-#define ACCESSPERMS 0777
-#endif
+/* Initial mask on permissions given to temporary files. Mask off setuid
+ bits and group access because of potential race-condition security
+ holes, and mask other access because mode 707 is bizarre */
+#define INITPERMMASK 0700
/* handler for null strings in printf format */
#define NS(s) ((s)?(s):"<NULL>")
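Review bot: The new comment on `INITPERMMASK` explains why the bits are masked at creation, but not that the same macro also drives the re-chmod test in `set_perms` (`file->mode & ~INITPERMMASK`). Narrowing the mask therefore changes when a second chmod is issued after an update, not only the mode of the temporary file. I would add a sentence to the comment such as `The full mode must be applied afterwards (see set_perms), which also uses this mask to decide whether a chmod is still needed.` Dropping the `#ifndef` guard is reasonable now that the name no longer collides with the system `ACCESSPERMS`.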