[Bug 15122] Potential vulnerability: rsync creates files outside the target directory
https://bugzilla.samba.org/show_bug.cgi?id=15122

--- Comment #3 from Aditya Basu ---

Apologies for the late response.

It is definitely a bad idea to mix multi-case systems. However, note that even copying between case-honoring systems can have similar consequences, for ex. case-insensitive (icase) ZFS considers K (unicode kelvin sign) and k (alphabet) to be equivalent while icase ext4 does not.

I agree with your analysis of the ordering. However, IMHO traversing symlinks at the target is not a wise choice. An *immediate* fix to this particular issue would be to prevent rsync from traversing symlinks at the target. However, a more *complete* fix should involve detecting collisions and stopping the copy.

We're currently exploring different types of defenses for collisions. If you're interested, I will be happy to keep you in the loop.

Finally, does it make sense to get a CVE number assigned?

--
You are receiving this mail because:
You are the QA Contact for the bug.

--
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
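The collision detection that Comment #3 proposes as the complete fix, sketched as an added example (not rsync code and not from either poster): each prefix of every path in the file list is folded with an assumed NFKC + Unicode case folding (which is what makes the Kelvin sign and "k" equal) and any prefix that appears under two distinct spellings is reported, so a transfer can be refused before the generator replaces one spelling's directory with the other's symlink. The file list below is constructed from the bug's TOPDIR/topdir scenario.

```python
import unicodedata
from collections import defaultdict

def fold(component: str) -> str:
    # Assumed folding rule: NFKC normalisation followed by full Unicode case
    # folding. A real target filesystem may fold differently (icase ZFS vs
    # icase ext4 is exactly the difference Comment #3 points out).
    return unicodedata.normalize("NFKC", component).casefold()

def find_collisions(paths):
    """Return {folded_prefix: [distinct original spellings]} for every path
    prefix that maps to the same folded key under more than one spelling.
    An empty dict means the list is safe to send to a case-ignoring target."""
    spellings = defaultdict(set)
    for path in paths:
        parts = [c for c in path.split("/") if c]
        folded = []
        for depth, comp in enumerate(parts):
            folded.append(fold(comp))
            key = "/".join(folded)
            spellings[key].add("/".join(parts[: depth + 1]))
    return {k: sorted(v) for k, v in spellings.items() if len(v) > 1}

def transfer_is_safe(paths) -> bool:
    # Defender's decision: stop the copy when any prefix collides.
    return not find_collisions(paths)

# Constructed file list: the bug's two top dirs plus a Kelvin-sign clash.
SAMPLE_FILE_LIST = [
    "TOPDIR/secret/config",   # regular file under a real directory
    "topdir/secret",          # a symlink in the source tree
    "data/K.txt",             # U+212A KELVIN SIGN
    "data/k.txt",             # ASCII k
]

if __name__ == "__main__":
    for key, names in find_collisions(SAMPLE_FILE_LIST).items():
        print(f"collision on {key!r}: {names}")
    print("safe" if transfer_is_safe(SAMPLE_FILE_LIST) else "refusing transfer")
```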
[Bug 15122] Potential vulnerability: rsync creates files outside the target directory
https://bugzilla.samba.org/show_bug.cgi?id=15122

--- Comment #2 from Wayne Davison ---

BTW, what happens in the test case you provided is that the generator creates TOPDIR and then TOPDIR/secret dirs before asking the sender to start a transfer of TOPDIR/secret/config. It then goes on to notice that topdir is present (since it uses stat) and that topdir/secret is an empty directory that is in the way of a symlink, so it replaces the dir with a symlink prior to the receiver doing its file-create work. If the topdirs had sorted in the opposite order, the symlink would have been replaced with a directory.
[Bug 15122] Potential vulnerability: rsync creates files outside the target directory
https://bugzilla.samba.org/show_bug.cgi?id=15122

--- Comment #1 from Wayne Davison ---

Yes, it's always bad to copy from a case-honoring filesystem to a case-ignoring filesystem as the filenames can overlap. This is something that the user just shouldn't do, as rsync is written to handle case-honoring filesystems.