src/usr.bin/rsync/receiver.c - diff

Return to receiver.c CVS log

Up to [local] / src / usr.bin / rsync

Diff for /src/usr.bin/rsync/receiver.c between version 1.29 and 1.29.2.1

-version 1.29, 2021/08/29 13:43:46
+version 1.29.2.1, 2021/11/09 13:40:41
 Line 184
 Line 184
 Line 184
          if (pledge("stdio unix rpath wpath cpath dpath fattr chown getpw unveil", NULL) == -1)
                  err(ERR_IPC, "pledge");
+         /*
+          * Create the path for our destination directory, if we're not
+          * in dry-run mode (which would otherwise crash w/the pledge).
+          * This uses our current umask: we might set the permissions on
+          * this directory in post_dir().
+          */
+         if (!sess->opts->dry_run) {
+                 if ((tofree = strdup(root)) == NULL)
+                         err(ERR_NOMEM, NULL);
+                 if (mkpath(tofree) < 0)
+                         err(ERR_FILE_IO, "%s: mkpath", tofree);
+                 free(tofree);
+         }
+         /*
+          * Make our entire view of the file-system be limited to what's
+          * in the root directory.
+          * This prevents us from accidentally (or "under the influence")
+          * writing into other parts of the file-system.
+          */
+         if (sess->opts->basedir[0]) {
+                 /*
+                  * XXX just unveil everything for read
+                  * Could unveil each basedir or maybe a common path
+                  * also the fact that relative path are relative to the
+                  * root does not help.
+                  */
+                 if (unveil("/", "r") == -1)
+                         err(ERR_IPC, "%s: unveil", root);
+         }
+         if (unveil(root, "rwc") == -1)
+                 err(ERR_IPC, "%s: unveil", root);
+         if (unveil(NULL, NULL) == -1)
+                 err(ERR_IPC, "unveil");
          /* Client sends exclusions. */
          if (!sess->opts->server)
                  send_rules(sess, fdout);
-Line 222
+Line 260
 Line 222
 Line 260
          LOG2("%s: receiver destination", root);
          /*
-          * Create the path for our destination directory, if we're not
-          * in dry-run mode (which would otherwise crash w/the pledge).
-          * This uses our current umask: we might set the permissions on
-          * this directory in post_dir().
-          */
-         if (!sess->opts->dry_run) {
-                 if ((tofree = strdup(root)) == NULL)
-                         err(ERR_NOMEM, NULL);
-                 if (mkpath(tofree) < 0)
-                         err(ERR_FILE_IO, "%s: mkpath", tofree);
-                 free(tofree);
-         }
-         /*
           * Disable umask() so we can set permissions fully.
           * Then open the directory iff we're not in dry_run.
           */
-Line 244
+Line 267
 Line 244
 Line 267
          oumask = umask(0);
          if (!sess->opts->dry_run) {
-                 dfd = open(root, O_RDONLY | O_DIRECTORY, 0);
+                 dfd = open(root, O_RDONLY | O_DIRECTORY);
                  if (dfd == -1)
                          err(ERR_FILE_IO, "%s: open", root);
          }
-Line 260
+Line 283
 Line 260
 Line 283
                  ERRX1("flist_gen_local");
                  goto out;
          }
-         /*
-          * Make our entire view of the file-system be limited to what's
-          * in the root directory.
-          * This prevents us from accidentally (or "under the influence")
-          * writing into other parts of the file-system.
-          */
-         if (unveil(root, "rwc") == -1)
-                 err(ERR_IPC, "%s: unveil", root);
-         if (unveil(NULL, NULL) == -1)
-                 err(ERR_IPC, "unveil");
          /* If we have a local set, go for the deletion. */