Please help me understand if the 'use chroot' option in the daemon config is secure enough.
The rsync manual has the following lines:

   As an additional safety feature, you can specify a dot-dir in the module's
   "path" to indicate the point where the chroot should occur.  This allows rsync
   to run in a chroot with a non-"/" path for the top of the transfer hierarchy.
   Doing this guards against unintended library loading (since those absolute
   paths will not be inside the transfer hierarchy unless you have used an unwise
   pathname), and lets you setup libraries for the chroot that are outside of the
   transfer.  For example, specifying "/var/rsync/./module1" will chroot to the
   "/var/rsync" directory and set the inside-chroot path to "/module1".  If you
   had omitted the dot-dir, the chroot would have used the whole path, and the
   inside-chroot path would have been "/".

It *implies* that there could be a situation when rsync (in daemon mode) loads some libraries *after* doing the chroot system call. But is this really possible? When stracing the rsync daemon, I see no attempts to load libraries after calling chroot:

   [pid 42312] geteuid()                   = 0
   [pid 42312] chroot("/var/lib/mysql/") = 0
   [pid 42312] chdir("/")                  = 0
   [pid 42312] setgid(0)                   = 0
   [pid 42312] setgroups(1, [0])           = 0
   [pid 42312] setuid(0)                   = 0
   [pid 42312] setresuid(-1, 0, -1)        = 0
   [pid 42312] geteuid()                   = 0


-- 
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
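
The dot-dir rule quoted from the manual, as an added example that is not part of the original post and not rsync's own code: it reads an rsyncd.conf and reports, per module, where the chroot would occur and what the inside-chroot path becomes. The config text and module names are constructed (the first module reuses the path seen in the strace output), splitting at the first "/./" and treating an unset "use chroot" as enabled are assumptions, and line continuations are not handled.

```python
SAMPLE_CONF = """\
# constructed sample config, not taken from the original post
use chroot = yes
[mysql]
    path = /var/lib/mysql/
[module1]
    path = /var/rsync/./module1
[nochroot]
    path = /srv/data
    use chroot = no
"""
TRUE_VALUES = {"yes", "true", "1"}


def split_dot_dir(path):
    """Return (chroot_dir, inside_chroot_path) per the manual's dot-dir rule."""
    head, sep, tail = path.partition("/./")
    if not sep:  # no dot-dir: the whole path becomes the chroot
        return path.rstrip("/") or "/", "/"
    return head or "/", "/" + tail.strip("/")


def audit(conf_text):
    """Map module name -> (chroot_dir, inside_path, note)."""
    globals_, modules, current = {}, {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
            continue
        key, _, value = line.partition("=")
        key = "".join(key.split()).lower()  # whitespace/case in names ignored
        (globals_ if current is None else current)[key] = value.strip()
    report = {}
    for name, params in modules.items():
        merged = {**globals_, **params}  # module settings override globals
        # Assumption: an unset "use chroot" is treated as enabled.
        if merged.get("usechroot", "yes").lower() not in TRUE_VALUES:
            report[name] = (None, merged.get("path"), "no chroot")
            continue
        root, inside = split_dot_dir(merged.get("path", ""))
        note = "transfer root is chroot root" if inside == "/" else "dot-dir in use"
        report[name] = (root, inside, note)
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

A module reported as "transfer root is chroot root" is the case the manual contrasts with the dot-dir form: every absolute path the process opens after chroot resolves inside the transferred tree.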
