the file if the file has the setuid or setgid bits set as the chown
has a side effect of removing the setuid and setgid bits.
we re-do the stat in this case
was not preserving group permissions. Bug was introduced March 1 in
version 1.100 of rsync.c with an error in re-ordering of the boolean
expressions. In order to completely preserve the earlier semantics,
change_gid should depend on "(am_root || !am_daemon)", but I don't see why
group ownership should behave differently in a non-root daemon.
other access resulted in group and other access being left off when the
'-p' option was not used. This fixes it by reintroducing the ACCESSPERMS
mask and setting permissions to (file->mode & ACCESSPERMS) if preserve_perms
is off. I decided to change the mask INITPERMMASK to INITACCESSPERMS at
the same time. When preserve_perms is off, rsync is restored to the
previous behavior of having the permissions of the original file with the
umask and setuid/setgid bits shut off.
Also, I decided that a check for "(updated && (file->mode & ~ACCESSPERMS))"
is no longer needed since as far as I can tell that would have only affected
permissions when not running as root and when a chgrp was done to a group
the user was not a member of, using System V chgrp semantics. This is no
longer allowed.
as calculated by the configure macro AC_TYPE_GETGROUPS. Without that, it
doesn't work properly on systems like SunOS 4 where gid_t is defined to
be an unsigned short but getgroups is defined to return an array of integers.
an obscure race-condition security hole where a file may for a short time
have the wrong group. Could have used 707 instead but that's just too weird
of a permission. The define name used to be ACCESSPERMS but that is defined
as 777 on Linux, so changed the name to INITPERMMASK.
does not belong to, in these two ways:
1. If a group mapping doesn't exist for a group name, do not preserve
it for a non-root receiver. This is especially evident when the
sender is a daemon using chroot because then no mappings are
available.
2. Before setting the group on a file make sure that it is in the list
of groups returned by getgroups(). The same thing is done by chgrp
on systems that support BSD-style chown/chgrp, and this enforces
that it happens the same way on all systems. Overhead is very
little, especially since most systems don't allow more than 16
groups per user.
when -p (preserve permissions) isn't set.
It works by taking the sending file permissions and masking them with
the umask to create the destination file permissions. (There is really
no "correct" way of doing this but at least we now behave like GNU cp
which fits the principle of least surprise.)
also fixed a race condition in copy_file()
this prevents a second interrupted transfer from reducing the size of
the transferred file.
- set SIGUSR1 to SIG_IGN early to prevent a race condition that
prevents the --partial code from working properly
temporary files were being created with the same permissions as the
original file. So if the file was setuid but not owned by the user
doing the transfer then there was a window of opportunity for a
malicious user to execute it with the wrong permissions while it was
being transferred.
Thanks to snabb@epipe.fi for pointing this out.
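
The following is an added example, not rsync's own code. It illustrates the temporary-file exposure described in the last message together with the earlier note on masking the sender's permissions with the umask when -p is off. The names stage_mode, final_mode and stage_file, and the value 0700 for the staging mask, are assumptions; the log names INITACCESSPERMS but does not give its value.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed value: owner-only bits for the in-flight temp file. */
#define STAGE_MASK 0700
#define PERM_BITS  0777   /* rwx for user, group and other */

/* Mode of the temp file while data is still arriving. */
mode_t stage_mode(mode_t src_mode) { return src_mode & STAGE_MASK; }

/* Mode applied after the transfer completes. Without preserve_perms the
 * source bits are filtered by the umask and setuid/setgid/sticky are dropped. */
mode_t final_mode(mode_t src_mode, mode_t mask, int preserve_perms)
{
    if (preserve_perms) return src_mode & 07777;
    return src_mode & PERM_BITS & ~mask;
}

/* Stage data under a restrictive mode, then apply the final mode.
 * Reports the mode seen mid-transfer and after completion; -1 on error. */
int stage_file(char *tmpl, mode_t src_mode, mode_t mask, int preserve_perms,
               mode_t *during, mode_t *after)
{
    struct stat st;
    int fd = mkstemp(tmpl);                 /* exclusive create */
    if (fd < 0) return -1;
    if (fchmod(fd, stage_mode(src_mode)) < 0 || fstat(fd, &st) < 0) goto fail;
    *during = st.st_mode & 07777;           /* no setuid bit, no group/other */
    if (write(fd, "constructed payload\n", 20) != 20) goto fail;
    if (fchmod(fd, final_mode(src_mode, mask, preserve_perms)) < 0 ||
        fstat(fd, &st) < 0) goto fail;
    *after = st.st_mode & 07777;
    close(fd);
    return 0;
fail:
    close(fd);
    unlink(tmpl);
    return -1;
}
int main(void)
{
    char tmpl[] = "/tmp/stage-XXXXXX";      /* constructed sample path */
    mode_t during, after;
    if (stage_file(tmpl, 04755, 022, 0, &during, &after) != 0) return 1;
    printf("in flight %04o, final %04o\n", (unsigned)during, (unsigned)after);
    unlink(tmpl);
    return 0;
}
```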