When using fake-super mode in an rsync receiver, anything that's neither a file nor a directory (e.g. devices, symlinks, etc) is converted into a file, and properties such as original ownership, filetype, and permissions are stored in a specific extended attribute.
In the case of a symlink, the contents of the link are stored in a plain file. The original mode of the symlink is normally irrelevant, because (Linux) hosts ignore a symlink's mode and use that of the target instead. But in fake-super mode, the original mode of the link itself (usually 0120777) is used to set the permissions on the receiver's plain-file copy. This results in the copy being world-writable. If this plain file is altered and then transferred back to the origin, the resulting symlink can point to an arbitrary path, which leads to potential security issues.

Example:

This was first observed in version 3.1.1 on Kubuntu, but is still the same in version 3.1.3 as of 28 Jan 2018.

See also Storing-ownership-device-nodes-without-root <http://samba.2283325.n4.nabble.com/Storing-ownership-device-nodes-without-root-td2503256.html#a2503261>.

Dave.
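An audit check for the condition described in the post above, as an added example that is not part of the original message or of rsync itself: it walks a fake-super receiver tree and lists plain files that stand in for symlinks and are world-writable. It assumes the extended attribute is named `user.rsync.%stat` and holds `<octal mode> <major>,<minor> <uid>:<gid>`; neither detail is given in the post, so confirm both against your rsync version.

```python
import os
import stat

# Assumed attribute name and layout (not stated in the post):
#   user.rsync.%stat = "<octal mode> <major>,<minor> <uid>:<gid>"
XATTR = "user.rsync.%stat"


def parse_fake_stat(value):
    """Parse the stored attribute text into (mode, uid, gid)."""
    mode_s, _rdev, owner = value.split()
    uid, gid = owner.split(":")
    return int(mode_s, 8), int(uid), int(gid)


def is_exposed_link(fake_stat_value, on_disk_mode):
    """True when the attribute records a symlink and the stand-in file
    on disk is writable by 'other' (the world-writable case)."""
    try:
        mode, _uid, _gid = parse_fake_stat(fake_stat_value)
    except ValueError:
        return False  # malformed or unexpected attribute: not classified
    return stat.S_ISLNK(mode) and bool(on_disk_mode & stat.S_IWOTH)


def scan(root):
    """Return paths under root whose link target text any local user can edit."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
                raw = os.getxattr(path, XATTR, follow_symlinks=False)
            except OSError:
                continue  # no such attribute, or file not readable
            if stat.S_ISREG(st.st_mode) and is_exposed_link(
                    raw.decode("ascii", "replace"), st.st_mode):
                findings.append(path)
    return findings


if __name__ == "__main__":
    import sys
    for hit in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(hit)
```

Run it against the receiver's destination directory before restoring from it; each path printed is a stored link whose target should be reviewed.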