Package: rdiff-backup
Version: 1.1.5-3~bpo.1
Severity: important
Tags: patch
I have discovered a serious bug in rdiff-backup 1.1.5-3~bpo.1 where, when
creating a backup as a non-root user on the backup repository side,
rdiff-backup fails to back up device files and possibly other special files.
When rdiff-backup fails in this case it reports no errors and exits cleanly,
giving the user the false impression that the backup was successful. Because
this may result in data loss when a recovery is attempted, you may want to raise
the seriousness of this bug.
Normally the read end needs root privileges to read and send special
files for backup, but I have created a test case where this is not necessary.
I have created and attached a test case script that demonstrates the bug, and
a patch to overcome it.
Brian McDonald
-----------------------
The following is a script that demonstrates the flaw.
cat test_case.sh
#!/bin/sh
# A script to demonstrate a bug in rdiff-backup where it fails to backup device
# files when the backup writing end is not run as root.
# 061024 version 1
usage () {
echo
echo "You need to launch this script as root for the demonstration to run
correctly. It will switch to the specified user when necessary.
test_case.sh takes one argument, the name of an unprivileged user to run as
when creating the backup.
test_case.sh <user>
example: su -c '/path/to/test_case.sh rdiffbkup'
or as root: /path/to/test_case.sh rdiffbkup
where rdiffbkup is a user without root privileges that can run rdiff-backup and
has read/write privileges in /tmp/.
"
exit 69
}
[ `id -u` != 0 ] && usage
[ $# != 1 ] && usage
cd /tmp/
echo
read -p "test_case.sh is about to remove /tmp/foo and /tmp/bar
Do you wish to continue? [y|anything else to quit]" ANS
echo
[ "$ANS" != "y" ] && { echo "You decided to quit." ; exit 69 ; }
rm -rf --preserve-root /tmp/foo /tmp/bar
echo "Source and target directories, if they existed, have been removed."
echo
mkdir -vm 755 /tmp/foo
dd if=/dev/urandom of=/tmp/foo/testfile bs=1K count=1
chmod -v --preserve-root o+r /tmp/foo/testfile
cp -a /dev/null /tmp/foo/
ls -la /tmp/foo
echo
echo "A new source directory has been set up."
echo
echo "Backing up /tmp/foo as user \"$1\"."
echo
echo "su -m -c 'rdiff-backup --terminal-verbosity 2 --verbosity 9
--print-statistics ::/tmp/foo /tmp/bar' \"$1\""
su -m -c 'rdiff-backup --terminal-verbosity 2 --verbosity 9 \
--print-statistics ::/tmp/foo /tmp/bar' "$1"
echo
echo "You can visually scan the preceding output for 'UpdateError' and also
notice rdiff-backup reported that it completed with 'Errors 0'."
echo
read -p "test_case.sh can list the contents of '/tmp/bar' and the metadata file
so you can examine them for the presence of '/dev/null' and its metadata.
NOTE: You can also examine the files in '/tmp/bar/rdiff-backup-data/' after this
script has completed.
Do you wish to continue? [y|anything else to quit]" ANS
echo
[ "$ANS" != "y" ] && { echo "You decided to quit." ; exit 69 ; }
echo 'ls -al /tmp/bar/*'
ls -al /tmp/bar/*
echo
zcat /tmp/bar/rdiff-backup-data/mirror_metadata*
exit 0
-----------------
The following is a patch that repairs the flaw.
cat rpath.py.patch
--- rpath.py.bkup 2005-12-31 21:46:05.000000000 -0500
+++ rpath.py 2006-10-24 15:27:17.844217400 -0400
@@ -343,9 +343,11 @@
"""
for key in self.data.keys(): # compare dicts key by key
if key in ('uid', 'gid', 'uname', 'gname'): pass
- elif (key == 'type' and self.isspecial() and
+ elif ((key == 'devnums' or key == 'type') and
self.isspecial() and
other.isreg() and other.getsize() == 0):
- pass # Special files may be replaced with empty
regular files
+ pass # Device and other special files may be
replaced
+ # with empty regular files and in the case
of device
+ # files they therfore won't have the
'devnums' key set
elif key == 'atime' and not Globals.preserve_atime: pass
elif key == 'ctime': pass
elif key == 'devloc' or key == 'nlink': pass
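Review bot: The new `elif` exempts 'devnums' under exactly the conditions already used for 'type' (self.isspecial(), other.isreg(), other.getsize() == 0), so it only relaxes the comparison; nothing in this hunk touches the path that prints 'Errors 0' while 'UpdateError' appears in the log, and that silent-success behaviour from the test case should be checked separately. For style, `(key == 'devnums' or key == 'type')` could be written as `key in ('type', 'devnums')` to match the tuple test on the line above it. The added comment has a typo ("therfore"), and as posted the hunk is line-wrapped (several continuation lines carry no leading '+', '-' or space), so it will not apply as is and should be resent as an attachment.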
*** /home/brian/.reportbug.sig
NOTE: Due to debian.org's inadequate measures to prevent email address
harvesting from bugs.debian.org, you must include "Bug#", without the
quotes, in the subject of any email that you wish to send me directly.
Automated messages sent by the email list daemon already do this.
Thank You.
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (470, 'testing'), (460, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-3-686
Locale: LANG=en_CA, LC_CTYPE=en_CA (charmap=ISO-8859-1)
Versions of packages rdiff-backup depends on:
ii libc6 2.3.2.ds1-22sarge4 GNU C Library: Shared libraries an
ii librsync1 0.9.7-1 Library which implements the rsync
ii python 2.3.5-2 An interactive high-level object-o
-- no debconf information