diff -u -r --new-file --exclude=CVS rsync-2.0.17/cvs.log rsync-2.0.18/cvs.log
--- rsync-2.0.17/cvs.log Thu Jun 18 20:30:56 1998
+++ rsync-2.0.18/cvs.log Thu Jun 18 23:28:24 1998
@@ -5680,3 +5680,66 @@
 Log Message:
 preparing for release of 2.0.17
+
+****************************************
+Date: Thursday June 18, 1998 @ 22:17
+Author: tridge
+
+Update of /data/cvs/rsync
+In directory samba:/tmp/cvs-serv9138
+
+Modified Files:
+ rsync.c rsync.h
+Log Message:
+fixed a race condition in rsync that opened a security hole. The
+temporary files were being created with the same permissions as the
+original file. So if the file was setuid but not owned by the user
+doing the transfer then there was a window of opportunity for a
+malicious user to execute it with the wrong permissions while it was
+being transferred.
+
+Thanks to snabb@epipe.fi for pointing this out.
+
+
+
+
+****************************************
+Date: Thursday June 18, 1998 @ 23:06
+Author: rsync-bu
+
+Update of /data/cvs/rsync
+In directory samba:/data/people/rsync-bugs/rsync
+
+Modified Files:
+ version.h
+Log Message:
+preparing for release of 2.0.18
+
+
+****************************************
+Date: Thursday June 18, 1998 @ 23:06
+Author: rsync-bu
+
+Update of /data/cvs/rsync/packaging/redhat/5.0
+In directory samba:/data/people/rsync-bugs/rsync/packaging/redhat/5.0
+
+Modified Files:
+ rsync.spec
+Log Message:
+preparing for release of 2.0.18
+
+
+****************************************
+Date: Thursday June 18, 1998 @ 23:26
+Author: tridge
+
+Update of /data/cvs/rsync
+In directory samba:/tmp/cvs-serv13791
+
+Modified Files:
+ rsync.c
+Log Message:
+fixed chmod bug pointed out by Han Holl
+
+
+
diff -u -r --new-file --exclude=CVS rsync-2.0.17/packaging/redhat/5.0/rsync.spec rsync-2.0.18/packaging/redhat/5.0/rsync.spec
--- rsync-2.0.17/packaging/redhat/5.0/rsync.spec Thu Jun 18 20:30:46 1998
+++ rsync-2.0.18/packaging/redhat/5.0/rsync.spec Thu Jun 18 23:28:13 1998
@@ -1,10 +1,10 @@
 Summary: Program for efficient remote updates of files.
 Name: rsync
-Version: 2.0.17
+Version: 2.0.18
 Release: 1
 Copyright: GPL
 Group: Applications/Networking
-Source: ftp://samba.anu.edu.au/pub/rsync/rsync-2.0.17.tar.gz
+Source: ftp://samba.anu.edu.au/pub/rsync/rsync-2.0.18.tar.gz
 URL: http://samba.anu.edu.au/rsync/
 Packager: Andrew Tridgell
 BuildRoot: /tmp/rsync
diff -u -r --new-file --exclude=CVS rsync-2.0.17/rsync.c rsync-2.0.18/rsync.c
--- rsync-2.0.17/rsync.c Thu Jun 18 20:30:22 1998
+++ rsync-2.0.18/rsync.c Thu Jun 18 23:27:56 1998
@@ -311,7 +311,8 @@
 #ifdef HAVE_CHMOD
 if (preserve_perms && !S_ISLNK(st->st_mode) &&
- st->st_mode != file->mode) {
+ (st->st_mode != file->mode ||
+ (updated && (file->mode & ~ACCESSPERMS)))) {
 updated = 1;
 if (do_chmod(fname,file->mode) != 0) {
 rprintf(FERROR,"failed to set permissions on %s : %s\n",
@@ -886,10 +887,18 @@
 continue;
 }
- fd2 = do_open(fnametmp,O_WRONLY|O_CREAT|O_EXCL,file->mode);
+ /* we initially set the perms without the
+ setuid/setgid bits to ensure that there is no race
+ condition. They are then correctly updated after
+ the lchown. Thanks to snabb@epipe.fi for pointing
+ this out */
+ fd2 = do_open(fnametmp,O_WRONLY|O_CREAT|O_EXCL,
+ file->mode & ACCESSPERMS);
+
 if (fd2 == -1 && relative_paths && errno == ENOENT && create_directory_path(fnametmp) == 0) {
- fd2 = do_open(fnametmp,O_WRONLY|O_CREAT|O_EXCL,file->mode);
+ fd2 = do_open(fnametmp,O_WRONLY|O_CREAT|O_EXCL,
+ file->mode & ACCESSPERMS);
 }
 if (fd2 == -1) {
 rprintf(FERROR,"open %s : %s\n",fnametmp,strerror(errno));
diff -u -r --new-file --exclude=CVS rsync-2.0.17/rsync.h rsync-2.0.18/rsync.h
--- rsync-2.0.17/rsync.h Thu Jun 18 20:30:22 1998
+++ rsync-2.0.18/rsync.h Thu Jun 18 22:20:06 1998
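Review bot: In rsync.c at the chmod condition (@@ -311), `file->mode & ~ACCESSPERMS` also keeps the file-type bits, so if file->mode is a full st_mode (the direct comparison with `st->st_mode` in the same condition suggests it is) the test is non-zero for every regular file and the new clause reduces to `updated`. That only costs an extra chmod, but it hides the intent, which appears to be re-applying the setuid/setgid/sticky bits after an earlier step touched the file. Testing the special bits directly, `(updated && (file->mode & 07000))`, with a comment such as `/* an earlier ownership change may have cleared setuid/setgid, so chmod again */`, would make that explicit. Where `updated` is set lies outside the hunk, so the comment wording should be checked against the preceding code.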
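Review bot: Masking with ACCESSPERMS at the two do_open calls in rsync.c (@@ -886) strips setuid/setgid, but the temporary file is still created with the final group and other bits before the lchown that the new comment refers to. Until ownership is set, those bits apply to the receiving user's default group rather than the file's final group, so partially written data can be readable or writable by the wrong principals for the length of the transfer. Creating the file owner-only, `file->mode & 0700`, and leaving the later chmod to apply the full mode would close that window as well. The mask expression is repeated in both calls; a local such as `mode_t initial_mode = file->mode & 0700;` would keep them from drifting apart. The lchown/chmod step itself is outside the hunk.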
@@ -437,3 +437,6 @@
 #define IS_DEVICE(mode) (S_ISCHR(mode) || S_ISBLK(mode) || S_ISSOCK(mode) || S_ISFIFO(mode))
+#ifndef ACCESSPERMS
+#define ACCESSPERMS 0777
+#endif
diff -u -r --new-file --exclude=CVS rsync-2.0.17/version.h rsync-2.0.18/version.h
--- rsync-2.0.17/version.h Thu Jun 18 20:30:45 1998
+++ rsync-2.0.18/version.h Thu Jun 18 23:28:11 1998
@@ -1 +1 @@
-#define VERSION "2.0.17"
+#define VERSION "2.0.18"
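Review bot: The ACCESSPERMS fallback added in rsync.h is security-relevant, since rsync.c now uses it to keep setuid/setgid bits off files that are still being written, yet nothing at the definition says so. A comment such as `/* rwx bits for user, group and other only; used to strip setuid/setgid/sticky from files in transit */` would stop a later edit from widening the mask. The `#ifndef` only takes effect as intended if any system header that defines ACCESSPERMS is included before this point; the include order is outside the hunk.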