Matt McCutchen's Web Site / rsync / rsync.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add a new daemon security option: "munge symlinks".
[rsync/rsync.git] / clientserver.c
diff --git a/clientserver.c b/clientserver.c
index 9207b1a..cb17438 100644 (file)
--- a/clientserver.c
+++ b/clientserver.c
@@ -58,6 +58,7 @@ extern char curr_dir[];
 char *auth_user;
 int read_only = 0;
 int module_id = -1;
+int munge_symlinks = 0;
 struct chmod_mode_struct *daemon_chmod_modes;
 
 /* module_dirlen is the length of the module_dir string when in daemon
@@ -624,6 +625,18 @@ static int rsync_module(int f_in, int f_out, int i, char *addr, char *host)
                sanitize_paths = 1;
        }
 
+       if ((munge_symlinks = lp_munge_symlinks(i)) < 0)
+               munge_symlinks = !use_chroot;
+       if (munge_symlinks) {
+               STRUCT_STAT st;
+               if (stat(SYMLINK_PREFIX, &st) == 0 && S_ISDIR(st.st_mode)) {
+                       rprintf(FLOG, "Symlink munging is unsupported when a %s directory exists.\n",
+                               SYMLINK_PREFIX);
+                       io_printf(f_out, "@ERROR: daemon security issue -- contact admin\n", name);
+                       exit_cleanup(RERR_UNSUPPORTED);
+               }
+       }
+
        if (am_root) {
                /* XXXX: You could argue that if the daemon is started
                 * by a non-root user and they explicitly specify a
Matt McCutchen's repository for rsync, the fast and versatile remote file copier