author | Wayne Davison <wayned@samba.org> | 2007-11-26 21:58:19 -0800 |
---|---|---|
committer | Wayne Davison <wayned@samba.org> | 2007-11-27 07:34:59 -0800 |
commit | 9585b27678ee8b94f2f260e8d8d61ff4381f2fa3 (patch) | |
tree | 7b558cd608f2b5bdb266e85a7f52040a194ff484 /clientserver.c | |
parent | 5c77266d9583fdb556be959e453afae82de70e36 (diff) | |
Add a new daemon security option: "munge symlinks".
Diffstat (limited to 'clientserver.c')
-rw-r--r-- | clientserver.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/clientserver.c b/clientserver.c
index 9207b1a7..cb17438b 100644
--- a/clientserver.c
+++ b/clientserver.c
@@ -58,6 +58,7 @@ extern char curr_dir[];
 char *auth_user;
 int read_only = 0;
 int module_id = -1;
+int munge_symlinks = 0;
 struct chmod_mode_struct *daemon_chmod_modes;
 /* module_dirlen is the length of the module_dir string when in daemon
@@ -624,6 +625,18 @@ static int rsync_module(int f_in, int f_out, int i, char *addr, char *host)
 sanitize_paths = 1;
 }
+ if ((munge_symlinks = lp_munge_symlinks(i)) < 0)
+ munge_symlinks = !use_chroot;
+ if (munge_symlinks) {
+ STRUCT_STAT st;
+ if (stat(SYMLINK_PREFIX, &st) == 0 && S_ISDIR(st.st_mode)) {
+ rprintf(FLOG, "Symlink munging is unsupported when a %s directory exists.\n",
+ SYMLINK_PREFIX);
+ io_printf(f_out, "@ERROR: daemon security issue -- contact admin\n", name);
+ exit_cleanup(RERR_UNSUPPORTED);
+ }
+ }
+
 if (am_root) {
 /* XXXX: You could argue that if the daemon is started
 * by a non-root user and they explicitly specify a |
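Review bot: The `stat(SYMLINK_PREFIX, &st)` guard in the second hunk is resolved against whatever the process's current directory and root are at that point in rsync_module, and the hunk shows no chdir or chroot into the module before it (the `if (am_root)` block only follows), so it may not be inspecting the module tree it is meant to protect; please confirm the ordering and add a comment saying which directory the check targets. The test also runs only once at connection setup, so a directory of that name created afterwards is not caught here; a writable module presumably needs a matching refusal on the receiving side, which this diff does not show. Separately, `io_printf(f_out, "@ERROR: daemon security issue -- contact admin\n", name);` passes `name` although the format string has no conversion for it; drop the argument, `io_printf(f_out, "@ERROR: daemon security issue -- contact admin\n");`, so `-Wformat` stays clean. The log line written via `rprintf(FLOG, ...)` would also be easier to act on if it named the module. rsync_module's body starts and ends outside the hunk.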