mirror of
https://github.com/RsyncProject/rsync.git
synced 2026-06-02 19:28:32 -04:00
Three related codex audit findings:

Finding 3a: copy_file()'s source open in util1.c used do_open_nofollow(), which only rejects a final-component symlink. A parent-component symlink (e.g. --copy-dest=cd where cd -> /outside) follows freely and reads outside the module. Route through secure_relative_open() with O_NOFOLLOW.

Finding 3b: generator.c's in-place backup-file create still used a bare do_open with O_CREAT, leaving a tiny but reachable parent-symlink window between the secure unlink (already through do_unlink_at) and the create. Add do_open_at() that goes through a secure parent dirfd, and route the call site through it.

Finding 3c: copy_file()'s destination open in unlink_and_reopen() had the same bare-do_open pattern; route through do_open_at as well.

Adds testsuite/copy-dest-source-symlink.test and testsuite/bare-do-open-symlink-race.test as regression coverage for both attack shapes.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
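The parent-component case described in Finding 3a, as an added example that is not rsync's code and does not reproduce secure_relative_open(): a final-only O_NOFOLLOW open is compared with a component-by-component openat() walk over a constructed scratch tree. The names open_beneath and demo and the directory layout are assumptions made for the illustration, and the helper covers read-style opens only, not the O_CREAT cases of Findings 3b and 3c.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not rsync's): open relpath under dirfd, refusing a
 * symlink in ANY component. flags must not include O_CREAT (no mode passed). */
int open_beneath(int dirfd, const char *relpath, int flags)
{
    char buf[PATH_MAX], *save = NULL, *comp, *next;
    int cur, fd, e;
    if (*relpath == '/' || strlen(relpath) >= sizeof buf) { errno = EINVAL; return -1; }
    strcpy(buf, relpath);
    if ((cur = dup(dirfd)) < 0) return -1;
    for (comp = strtok_r(buf, "/", &save); comp; comp = next) {
        next = strtok_r(NULL, "/", &save);
        if (!strcmp(comp, "..")) { close(cur); errno = EINVAL; return -1; }
        fd = openat(cur, comp, next ? O_RDONLY | O_DIRECTORY | O_NOFOLLOW  /* parent */
                                    : flags | O_NOFOLLOW);                 /* final  */
        e = errno; close(cur); errno = e;   /* keep openat's errno for the caller */
        if (fd < 0) return -1;
        cur = fd;
    }
    return cur;
}

/* Constructed scratch tree (left in /tmp): module/cd -> ../outside. Bits: 1 = final-only
 * O_NOFOLLOW read outside/secret, 2 = walk refused cd/secret, 4 = walk opened real/file. */
int demo(void)
{
    char tmp[] = "/tmp/nofollow-demo-XXXXXX";
    int r = 0, top, mod, fd;
    if (!mkdtemp(tmp) || (top = open(tmp, O_RDONLY | O_DIRECTORY)) < 0) return -1;
    if (mkdirat(top, "outside", 0700) || mkdirat(top, "module", 0700) ||
        mkdirat(top, "module/real", 0700) || symlinkat("../outside", top, "module/cd"))
        return -1;
    close(openat(top, "outside/secret", O_CREAT | O_WRONLY, 0600));
    close(openat(top, "module/real/file", O_CREAT | O_WRONLY, 0600));
    mod = openat(top, "module", O_RDONLY | O_DIRECTORY);
    if ((fd = openat(top, "module/cd/secret", O_RDONLY | O_NOFOLLOW)) >= 0) { r |= 1; close(fd); }
    if ((fd = open_beneath(mod, "cd/secret", O_RDONLY)) < 0) r |= 2; else close(fd);
    if ((fd = open_beneath(mod, "real/file", O_RDONLY)) >= 0) { r |= 4; close(fd); }
    close(mod); close(top);
    return r;
}

int main(void) { return demo() == 7 ? 0 : 1; }  /* exit 0 when all three checks hold */
```

On Linux 5.6 and later, openat2() with RESOLVE_BENEATH or RESOLVE_NO_SYMLINKS lets the kernel enforce the same restriction in a single call.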
automatic testsuite for rsync                    -*- text -*-

We're trying to develop some more substantial tests to prevent rsync regressions. Ideally, all code changes or bug reports would come with an appropriate test suite.

You can run these tests by typing "make check" in the build directory. The tests will run using the rsync binary in the build directory, so you do not need to do "make install" first. Indeed, you probably should not install rsync before running the tests.

If you instead type "make installcheck" then the suite will test the rsync binary from its installed location (e.g. /usr/local/bin/rsync). You can use this to test a distribution build, or perhaps to run a new test suite against an old version of rsync. Note that in accordance with the GNU Standards, installcheck does not look for rsync on the path.

If the tests pass, you should see a report to that effect. Some tests require being root or some other precondition, and so will normally not be checked -- look at the test scripts for more information.

If the tests fail, you will see rather more output. The scratch directory will remain in the build directory. It would be useful if you could include the log messages when reporting a failure.

These tests also run automatically on the build farm, and you can see the results on http://build.samba.org/.