turns out that when client is talking to a server daemon it never executes
this leg of code. Oops. The people who said it made a difference when
they changed the code must have been wrong.
connections (this fixes the stderr/stdout problem). Upped
protocol version for backward compat
- use multiplexing on error fd
- upped minimal protocol version
- got rid of some ugly code in the write buffering
clients when writing to an rsync server
it works like this:
- we have an extra pipe from the receiver to the generator
- the server always runs with multiplexing on
- errors from the generator go down the multiplexed connection
- errors from the receiver go over the pipe, and from there to
the multiplexed conn
it required some incredibly ugly code. damn.
1. The file paths being sent and received were not "sanitized" to
ensure that there weren't any ".." components that would escape the
top level directory. This can't happen with the standard rsync
client, but it could be exploited on both read and write if someone
modified an rsync client. This fix sanitizes all incoming and
outgoing paths when "use chroot = no".
2. If a module is also "read only = no", clients could have created
symbolic links with ".." components that would allow writing
outside of the module. This could happen with the standard rsync
client. This fix sanitizes all incoming symbolic link targets
when "use chroot = no".
Previously, only top-level paths (anything passed in command line arguments)
were sanitized. Sorry, I didn't think about the individual file paths
before now.
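
An added example (not from the commit message above and not rsync's own code) of the sanitizing described in points 1 and 2: it rewrites a file path or symlink target in place so that no ".." component can climb above the top-level directory. The function name `sanitize_rel_path` and the sample input are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not rsync's own code: rewrite `path` in place so it
 * cannot name anything above the directory it is resolved against. Returns
 * how many components were dropped because they would have escaped. */
int sanitize_rel_path(char *path)
{
    char *src = path, *dst = path;
    int depth = 0;                          /* components currently kept */
    int dropped = (*path == '/');           /* absolute: forced relative */

    for (;;) {
        size_t len;
        src += strspn(src, "/");            /* skip leading/repeated '/' */
        len = strcspn(src, "/");
        if (len == 0)
            break;                          /* end of string */
        if (len == 2 && src[0] == '.' && src[1] == '.') {
            if (depth == 0) {
                dropped++;                  /* would climb above the top */
            } else {
                while (dst > path && *--dst != '/')
                    ;                       /* pop the last kept component */
                depth--;
            }
        } else if (!(len == 1 && src[0] == '.')) {   /* "." adds nothing */
            if (dst > path)
                *dst++ = '/';
            memmove(dst, src, len);
            dst += len;
            depth++;
        }
        src += len;
    }
    *dst = '\0';
    return dropped;
}

int main(void)
{
    char p[] = "docs/../../../etc/passwd";  /* constructed sample input */
    int n = sanitize_rel_path(p);
    printf("%s (dropped %d)\n", p, n);
    return 0;
}
```
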
The reason for that is that on SVR2-based UTS 2.1.2 (which along with many
other old systems implements getcwd by forking "pwd") getcwd hangs when
called when other child processes are running.
I also added a quick return from push_dir if name == NULL so it doesn't
actually have to chdir anywhere when just initializing.
An initializing call to push_dir("/",0) had previously been put in at the
beginning of daemon_main() to avoid calling getcwd after a chroot, but
since that is no longer needed I removed it and changed the call to
chdir("/") after chroot into a push_dir("/",0) so it will remember the
correct current directory.
to be ignored. At the same time, change the "uid =" and "gid =" options to
be ignored when not running the daemon as super-user, to make it more
convenient for those people and to make it portable to systems such as
cygwin which don't support the uid/gid notions.
to disable the use of chroot so rsync --daemon can be run as a non-root
user (if a non-privileged --port is used). The latter allows one to
specify a file in which to write the process id of the daemon, which is
useful when rsync --daemon is not run from inetd.
messages from the server when using the socket code.
I've done a fair bit of testing and I don't seem to have broken
anything, but it is a very complex change. More testing needed!