From: Gabriel Goller <g.goller@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH proxmox-backup] fix #4380: check permissions before entering directory
Date: Fri, 4 Aug 2023 12:02:25 +0200 [thread overview]
Message-ID: <20230804100225.95770-1-g.goller@proxmox.com> (raw)
When creating a backup, we now check if we have the correct permissions
(r,x) before entering a directory. This is mainly to prevent stat() from
failing with EACCESS errors. We also check if the directory contains
non-excluded files and warn the user.
Signed-off-by: Gabriel Goller <g.goller@proxmox.com>
---
pbs-client/src/pxar/create.rs | 47 +++++++++++++++++++++++++++++++++--
1 file changed, 45 insertions(+), 2 deletions(-)
diff --git a/pbs-client/src/pxar/create.rs b/pbs-client/src/pxar/create.rs
index 2577cf98..f2333284 100644
--- a/pbs-client/src/pxar/create.rs
+++ b/pbs-client/src/pxar/create.rs
@@ -638,7 +638,7 @@ impl Archiver {
async fn add_directory<T: SeqWrite + Send>(
&mut self,
encoder: &mut Encoder<'_, T>,
- dir: Dir,
+ mut dir: Dir,
dir_name: &CStr,
metadata: &Metadata,
stat: &FileStat,
@@ -663,9 +663,52 @@ impl Archiver {
skip_contents = !set.contains(&stat.st_dev);
}
}
+ if skip_contents {
+ log::warn!("Skipping mount point: {:?}", self.path);
+ }
+
+ let mode = nix::sys::stat::Mode::from_bits_truncate(stat.st_mode);
+ // if we have read and write permissions on the folder
+ if (!mode.contains(Mode::S_IRUSR) || !mode.contains(Mode::S_IXUSR))
+ && skip_contents == false
+ {
+ skip_contents = true;
+ let mut contains_non_excluded_files = false;
+ if mode.contains(Mode::S_IRUSR) {
+ // check if all children are excluded
+ for file in dir.iter() {
+ let file = file?;
+
+ let file_name = file.file_name().to_owned();
+ let file_name_bytes = file_name.to_bytes();
+ if file_name_bytes == b"." || file_name_bytes == b".." {
+ continue;
+ }
+ let os_file_name = OsStr::from_bytes(file_name_bytes);
+ assert_single_path_component(os_file_name)?;
+ let full_path = self.path.join(os_file_name);
+ let match_path = PathBuf::from("/").join(full_path.clone());
+ if self
+ .patterns
+ .matches(match_path.as_os_str().as_bytes(), Some(stat.st_mode))
+ != Some(MatchType::Exclude)
+ {
+ contains_non_excluded_files = true;
+ break;
+ }
+ }
+ }
+ if contains_non_excluded_files {
+ log::warn!(
+ "Skipping directory: {:?}, access denied (contains non-excluded files)",
+ self.path
+ );
+ } else {
+ log::warn!("Skipping directory: {:?}, access denied", self.path);
+ }
+ }
let result = if skip_contents {
- log::info!("skipping mount point: {:?}", self.path);
Ok(())
} else {
self.archive_dir_contents(&mut encoder, dir, false).await
--
2.39.2
next reply other threads:[~2023-08-04 10:02 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-04 10:02 Gabriel Goller [this message]
2023-08-04 15:49 ` Thomas Lamprecht
2023-08-08 10:25 ` Wolfgang Bumiller
2023-08-10 7:20 ` Gabriel Goller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230804100225.95770-1-g.goller@proxmox.com \
--to=g.goller@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox