hjp
/
simba
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity

Fixed equality checking for setuid files. 

Setuid files are now stored as setuid which means that the backup volume
should be mounted nosuid or even noexec unless you trust all your
clients.
This commit is contained in:
hjp 2009-06-28 20:24:18 +00:00
parent b699d9b65f
commit b8210f431e
3 changed files with 21 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Notes
View File

@ -61,8 +61,6 @@ Tape performance:
About 5-6 MB/s for /dev/nst0, @ 64 kB Blocksize. (larger bs makes no About 5-6 MB/s for /dev/nst0, @ 64 kB Blocksize. (larger bs makes no
difference). File was about 26 MB, 75% compressible with gzip. difference). File was about 26 MB, 75% compressible with gzip.
Equality checking doesn't work for setuid files.
exit if disk full exit if disk full
On my 800 MHz PIII, the CPU usage is rather high. Some profiling seems On my 800 MHz PIII, the CPU usage is rather high. Some profiling seems

16
lib/Simba/CA.pm
View File

@ -292,8 +292,8 @@ sub setmeta {
$self->log(3, "$fn is tainted!") if tainted($fn); $self->log(3, "$fn is tainted!") if tainted($fn);
my $mode = $self->acl2mode($f); my $mode = $self->acl2mode($f);
$self->log(3, "$mode is tainted!") if tainted($mode); $self->log(3, "$mode is tainted!") if tainted($mode);
chmod($mode, $fn);
chown($self->name2uid($f->{o}), $self->name2gid($f->{g}), $fn); chown($self->name2uid($f->{o}), $self->name2gid($f->{g}), $fn);
chmod($mode, $fn);
utime(time, $f->{m}, $fn); utime(time, $f->{m}, $fn);
} }
@ -597,11 +597,15 @@ sub store_file {
if ($header =~ /^data (.*)/) { if ($header =~ /^data (.*)/) {
my $f2 = $self->parse($1); my $f2 = $self->parse($1);
my $backup_filename = "$self->{this_backup}/$f->{name}"; my $backup_filename = "$self->{this_backup}/$f->{name}";
# XXX - should not die unconditionally. At least some errors my $file_bfd;
# (e.g. "File name too long") are almost certainly specific to unless (open($file_bfd, '>:raw', $backup_filename)) {
# single files. We should report the error and continue with the $self->log(5, "cannot open backup file $backup_filename: $!");
# next file. # There may be some errors from which we can recover, e.g., for
open(my $file_bfd, '>:raw', $backup_filename) or die "cannot open backup file $backup_filename: $!"; # "File name too long" we could just shorten the file name. But for
# now we just skip the file:
$self->close_file_connection;
return 0;
}
my $size = $f2->{s}; my $size = $f2->{s};
my $err; my $err;
my $sha1 = Digest::SHA1->new; my $sha1 = Digest::SHA1->new;

11
t/02_ca.t
View File

@ -42,16 +42,27 @@ SKIP: {
print $fh "test\n"; print $fh "test\n";
close($fh); close($fh);
open $fh, '>:raw', '/var/tmp/simba_test/d2/f3';
print $fh "#!/bin/sh\n";
chmod(04511, $fh);
close($fh);
$ca->run(); $ca->run();
my $this_backup = $ca->{this_backup}; my $this_backup = $ca->{this_backup};
my $st1 = lstat("$this_backup/d1/f1"); my $st1 = lstat("$this_backup/d1/f1");
ok($st1, "file 1 exists"); ok($st1, "file 1 exists");
is($st1->nlink, 2, "file 1 has 2 links"); is($st1->nlink, 2, "file 1 has 2 links");
my $st2 = lstat("$this_backup/d2/f2"); my $st2 = lstat("$this_backup/d2/f2");
ok($st2, "file 2 exists"); ok($st2, "file 2 exists");
is($st2->nlink, 2, "file 2 has 2 links"); is($st2->nlink, 2, "file 2 has 2 links");
is($st1->ino, $st2->ino, , "file 1 and 2 are the same"); is($st1->ino, $st2->ino, , "file 1 and 2 are the same");
my $st3 = lstat("$this_backup/d2/f3");
ok($st3, "file 3 exists");
cmp_ok($st3->mode & 07777, '==', 04511, , "mode of file 3 is correct");
# cleanup # cleanup
system("rm", "-rf", $this_backup); system("rm", "-rf", $this_backup);
$ca->{dbh}->do("delete from versions"); $ca->{dbh}->do("delete from versions");