connections (this fixes the stderr/stdout problem). Upped
protocol version for backward compat
- use multiplexing on error fd
- upped minimal protocol version
- got rid of some ugly code in the write buffering
ssh clag problems as long as you also fix the same problem in sshd
removed all the old read buffering code from io.c as this was only
there to try to reduce the chance of clagging up sshd.
clients when writing to a rsync server
it works like this:
- we have an extra pipe from the receiver to the generator
- the server always runs with multiplexing on
- errors from the generator go down the multiplexed connection
- errors from the receiver go over the pipe, and from there to
the multiplexed conn
it required some incredibly ugly code. damn.
other access resulted in group and other access being left off when the
'-p' option was not used. This fixes it by reintroducing the ACCESSPERMS
mask and setting permissions to (file->mode & ACCESSPERMS) if preserve_perms
is off. I decided to change the mask INITPERMMASK to INITACCESSPERMS at
the same time. When preserve_perms is off, rsync is restored to the
previous behavior of having the permissions of the original file with the
umask and setuid/setgid bits shut off.
Also, I decided that a check for "(updated && (file->mode & ~ACCESSPERMS))"
is no longer needed since as far as I can tell that would have only affected
permissions when not running as root and when a chgrp was done to a group
the user was not a member of, using system V chgrp semantics. This is no
longer allowed.
an obscure race-condition security hole where a file may for a short time
have the wrong group. Could have used 707 instead but that's just too weird
of a permission. The define name used to be ACCESSPERMS but that is defined
as 777 on Linux, so changed the name to INITPERMMASK.
slashes. The old behavior of crossing slashes can be achieved by using a
double-asterisk ('**') anywhere in a pattern. Note that this can change
some existing exclude patterns in a subtle way. Also note that if the
remote side is an older release the processing on the two sides might not
be exactly the same when there's no double-asterisk, which can affect which
files are excluded from deletion, but they're close enough that people will
probably not notice. I considered changing the protocol version and
checking the remote_version number to ensure the same processing on both
sides, but the exclude patterns are pre-processed before the remote version
number is known and it's just not worth going through extraordinary efforts.
Suggested by Cameron Simpson <cs@zip.com.au>
instead of 200. Move the defines of True and False to rsync.h. Eliminate
the defines of BOOL in loadparm.c and params.c because it is already
defined in rsync.h. Changes suggested by Roman Gollent roman.gollent@wdr.com
Jason Andrade convinced me to add ftpd style logging of transfers,
enabled with a "transfer logging" option in rsyncd.conf
you can customise the format in log.c
temporary files were being created with the same permissions as the
original file. So if the file was setuid but not owned by the user
doing the transfer then there was a window of opportunity for a
malicious user to execute it with the wrong permissions while it was
being transferred.
Thanks to snabb@epipe.fi for pointing this out.
