On Tue 13 Aug 2013, Matthias Schniedermeyer wrote:
> On 13.08.2013 09:52, Paul Slootman wrote:
> > On Tue 13 Aug 2013, Sherin A wrote:
> > 
> > > But if a user creates a
> > > hard link to /etc/shadow from his home dir, and he requests a restore,
> > > then he can read the shadow files and decrypt it.
> > 
> > If he can make a HARD link to the shadow file, then he can already read
> > it - and worse.
> 
> No.

My mistake for assuming that people run current linux kernels...

    /proc/sys/fs/protected_hardlinks (since Linux 3.6)
        When  the value in this file is 0, no restrictions are placed on
        the creation of hard links (i.e., this is the historical behaviour
        before  Linux  3.6).   When the value in this file is 1, a
        hard link can be created to a target file only  if  one  of  the
        following conditions is true:

I would suggest that upgrading the kernel is a better solution for the
OP than patching rsync.  If your backup strategy involves backing up
files as root to a medium that is readable by everyone so that the link
in the user's home directory is restorable as the user, then there are
more problems waiting to happen besides this...


Paul
-- 
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
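
A check a backup operator could run before restoring a home directory, added here as an example and not part of the original thread; the function names are hypothetical. It reports the kernel setting quoted above and lists multiply-linked files in the tree that are not owned by the expected user.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread. Function names are
# hypothetical; the only system path used is the sysctl quoted in the message.

# Print the protected_hardlinks value, or "unsupported" when the file is
# missing (kernel older than Linux 3.6, or /proc not mounted).
hardlink_protection() {
    f=/proc/sys/fs/protected_hardlinks
    if [ -r "$f" ]; then cat "$f"; else echo unsupported; fi
}

# List regular files under directory $1 that have more than one link and are
# not owned by numeric uid $2. Such a file shares its inode with a name
# elsewhere on the filesystem and belongs to someone else, so a backup taken
# as root would copy content the home directory's owner may not be able to read.
foreign_hardlinks() {
    find "$1" -xdev -type f -links +1 ! -user "$2" -print
}

# Report for one home directory: kernel setting first, then any suspect files
# with inode number, owner and link count for follow-up.
audit_home() {
    echo "protected_hardlinks: $(hardlink_protection)"
    foreign_hardlinks "$1" "$2" | while IFS= read -r path; do
        ls -lid "$path"
    done
}

# Run the audit only when called with a directory and a numeric uid.
if [ "$#" -eq 2 ]; then
    audit_home "$1" "$2"
fi
```

Invoke it as `sh script.sh /home/alice 1000`, where both arguments are constructed sample values.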