authoreik <eik@FreeBSD.org>2004-08-12 18:45:27 +0800
committereik <eik@FreeBSD.org>2004-08-12 18:45:27 +0800
commit93bb18c1444b6da8afee9d25b749c050e5352fc3 (patch)
tree0efcf56dce75e3650f5ba1fbf5aa56c4b639ec24 /net/rsync/files
parent0597886e6bba360e58927259ea72ec2b0585777f (diff)
fix security hole in non-chroot rsync daemon.
<http://www.freebsd.org/ports/portaudit/2689f4cb-ec4c-11d8-9440-000347a4fa7d.html>
Diffstat (limited to 'net/rsync/files')
-rw-r--r--net/rsync/files/patch-backup.c48
-rw-r--r--net/rsync/files/patch-flist.c1
-rw-r--r--net/rsync/files/patch-generator.c23
-rw-r--r--net/rsync/files/patch-util.c15
-rw-r--r--net/rsync/files/rsyncd.sh29
5 files changed, 100 insertions, 16 deletions
diff --git a/net/rsync/files/patch-backup.c b/net/rsync/files/patch-backup.c
new file mode 100644
index 000000000000..db279de66bd9
--- /dev/null
+++ b/net/rsync/files/patch-backup.c
@@ -0,0 +1,48 @@
+#
+# fix --backup-dir
+# <http://lists.samba.org/archive/rsync/2004-May/009395.html>
+#
+--- backup.c 13 Mar 2004 20:18:03 -0000 1.28
++++ backup.c 4 May 2004 03:06:52 -0000
+@@ -169,8 +169,9 @@ static int keep_backup(char *fname)
+ /* Check to see if this is a device file, or link */
+ if (IS_DEVICE(file->mode)) {
+ if (am_root && preserve_devices) {
+- make_bak_dir(backup_dir_buf);
+- if (do_mknod(backup_dir_buf, file->mode, file->u.rdev) != 0) {
++ if (do_mknod(backup_dir_buf, file->mode, file->u.rdev) < 0
++ && (errno != ENOENT || make_bak_dir(backup_dir_buf) < 0
++ || do_mknod(backup_dir_buf, file->mode, file->u.rdev) < 0)) {
+ rprintf(FERROR, "mknod %s failed: %s\n",
+ full_fname(backup_dir_buf), strerror(errno));
+ } else if (verbose > 2) {
+@@ -186,10 +187,14 @@ static int keep_backup(char *fname)
+
+ if (!kept && S_ISDIR(file->mode)) {
+ /* make an empty directory */
+- make_bak_dir(backup_dir_buf);
+- do_mkdir(backup_dir_buf, file->mode);
+- ret_code = do_rmdir(fname);
++ if (do_mkdir(backup_dir_buf, file->mode) < 0
++ && (errno != ENOENT || make_bak_dir(backup_dir_buf) < 0
++ || do_mkdir(backup_dir_buf, file->mode) < 0)) {
++ rprintf(FINFO, "mkdir %s failed: %s\n",
++ full_fname(backup_dir_buf), strerror(errno));
++ }
+
++ ret_code = do_rmdir(fname);
+ if (verbose > 2) {
+ rprintf(FINFO, "make_backup: RMDIR %s returns %i\n",
+ full_fname(fname), ret_code);
+@@ -207,8 +212,9 @@ static int keep_backup(char *fname)
+ }
+ kept = 1;
+ }
+- make_bak_dir(backup_dir_buf);
+- if (do_symlink(file->u.link, backup_dir_buf) != 0) {
++ if (do_symlink(file->u.link, backup_dir_buf) < 0
++ && (errno != ENOENT || make_bak_dir(backup_dir_buf) < 0
++ || do_symlink(file->u.link, backup_dir_buf) < 0)) {
+ rprintf(FERROR, "link %s -> %s : %s\n",
+ full_fname(backup_dir_buf), file->u.link, strerror(errno));
+ }
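Review bot: The mkdir branch of the embedded backup.c patch reports failure at `FINFO`, while the mknod and symlink branches in the same patch use `FERROR`, so a backup directory that could not be created is not flagged as an error. I would change it to `rprintf(FERROR, "mkdir %s failed: %s\n",` for consistency. Note also that `ret_code = do_rmdir(fname);` still runs after a failed mkdir, and that in all three retry chains the `errno` printed may come from `make_bak_dir()` rather than from the call named in the message. `keep_backup()` starts and ends outside these hunks, so the surrounding handling is not visible here.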
diff --git a/net/rsync/files/patch-flist.c b/net/rsync/files/patch-flist.c
index a3c92a756169..78fc767b30d1 100644
--- a/net/rsync/files/patch-flist.c
+++ b/net/rsync/files/patch-flist.c
@@ -21,4 +21,3 @@
lastdir_len = -1;
if (strlcpy(thisname, fname, sizeof thisname)
-
diff --git a/net/rsync/files/patch-generator.c b/net/rsync/files/patch-generator.c
new file mode 100644
index 000000000000..aad06f9a9a7d
--- /dev/null
+++ b/net/rsync/files/patch-generator.c
@@ -0,0 +1,23 @@
+#
+# fix --read-batch
+# <http://lists.samba.org/archive/rsync/2004-May/009404.html>
+#
+--- generator.c.orig Thu Apr 15 18:55:23 2004
++++ generator.c Wed May 12 13:55:13 2004
+@@ -46,6 +46,7 @@
+ extern int whole_file;
+ extern int local_server;
+ extern int write_batch;
++extern int read_batch;
+ extern int list_only;
+ extern int only_existing;
+ extern int orig_umask;
+@@ -213,7 +214,7 @@
+ {
+ if (whole_file > 0)
+ return True;
+- if (whole_file == 0 || write_batch)
++ if (whole_file == 0 || write_batch || read_batch)
+ return False;
+ return local_server;
+ }
diff --git a/net/rsync/files/patch-util.c b/net/rsync/files/patch-util.c
new file mode 100644
index 000000000000..485e1092c690
--- /dev/null
+++ b/net/rsync/files/patch-util.c
@@ -0,0 +1,15 @@
+#
+# fix security hole in non-chroot rsync daemon
+# <http://lists.samba.org/archive/rsync-announce/2004/000017.html>
+#
+--- orig/util.c 2004-04-27 12:59:37 -0700
++++ util.c 2004-08-11 23:37:27 -0700
+@@ -743,7 +743,7 @@
+ allowdotdot = 1;
+ } else {
+ p += 2;
+- if (*p == '/')
++ while (*p == '/')
+ p++;
+ if (sanp != start) {
+ /* back up sanp one level */
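Review bot: The changed loop `while (*p == '/')` has no comment saying why every separator after a `..` component must be consumed, and that one word is the whole security fix. With the old `if`, only one `/` was skipped, so a further `/` stayed in the input where the next component is processed; the rest of the function is outside the hunk, so how that reached the output is inferred from the advisory linked in the patch header. I would add `/* skip all slashes after "..": a leftover '/' must not start the next component */` above the loop, plus a regression case with repeated separators after `..`. The diffstat is limited to net/rsync/files, so this page does not show whether the port revision was bumped so that installed daemons get rebuilt.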
diff --git a/net/rsync/files/rsyncd.sh b/net/rsync/files/rsyncd.sh
index 28a85e8bef02..b86b09e12543 100644
--- a/net/rsync/files/rsyncd.sh
+++ b/net/rsync/files/rsyncd.sh
@@ -3,32 +3,31 @@
# $FreeBSD$
#
-# PROVIDE: rsyncd
+# PROVIDE: %%NAME%%
# REQUIRE: LOGIN
+# BEFORE: securelevel
# KEYWORD: FreeBSD shutdown
+# Add the following line to /etc/rc.conf to enable `%%NAME%%':
#
-# Add the following lines to /etc/rc.conf to enable rsyncd:
+#%%NAME%%_enable="YES"
#
-#rsyncd_enable="YES"
-#
-# See rsync(1) for flags
+# See rsync(1) for %%NAME%%_flags
#
-. %%RC_SUBR%%
+. "%%RC_SUBR%%"
-name=rsyncd
+name="%%NAME%%"
rcvar=`set_rcvar`
-command=%%PREFIX%%/bin/rsync
+command="%%PREFIX%%/bin/rsync"
command_args="--daemon"
-pidfile=/var/run/${name}.pid
-required_files=%%PREFIX%%/etc/${name}.conf
-
-# set defaults
+pidfile="/var/run/$name.pid"
+required_files="%%PREFIX%%/etc/$name.conf"
-rsyncd_enable=${rsyncd_enable:-"NO"}
-rsyncd_flags=${rsyncd_flags:-""}
+# read configuration and set defaults
+load_rc_config "$name"
+: ${%%NAME%%_enable="NO"}
+: ${%%NAME%%_flags=""}
-load_rc_config ${name}
run_rc_command "$1"
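Review bot: `required_files="%%PREFIX%%/etc/$name.conf"` and `pidfile="/var/run/$name.pid"` now follow `%%NAME%%`, but `command_args="--daemon"` still leaves rsync to pick its own default configuration file. If `%%NAME%%` is ever substituted with something other than `rsyncd`, the script would check for one file while the daemon reads another (presumably its compiled-in rsyncd.conf path). The pidfile would then match only if that configuration happens to name the same path. Either pin these two paths to `rsyncd`, or pass the file explicitly, e.g. `command_args="--daemon --config=$required_files"`.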