[Box Backup] Symlink error in bbackupd?

Hans-Joachim Baader boxbackup@fluffy.co.uk
Sat, 3 Nov 2007 18:54:31 +0100


--cYtjc4pxslFTELvY
Content-Type: text/plain; charset=iso-8859-15
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi,

create two directories, eg. /root/a and /root/b:

drwxr-xr-x 2 root root 1024 Nov  3 18:35 a/
drwxr-xr-x 2 root root 1024 Nov  3 18:35 b/

Create a directory in a and an absolute symlink to this dir in b:

a:
total 1
drwxr-xr-x 2 root root 1024 Nov  3 18:39 dir/

b:
total 0
lrwxrwxrwx 1 root root 11 Nov  3 18:40 link -> /root/a/dir/

Create a file in /root/a/dir.

I think there is a problem when bbackupd backs this up. It seems
the link is not converted into a relative one. So, when doing a
restore into a different directory (possibly on a different machine),
eg. for testing the backup, then, according to my log, it attempts
to overwrite /root/a/dir/file. To make it clear why this is bad:
Assume the data should be restored in /var/back, so obviously
root/a/dir/file in the backup should be written to /var/back/root/a/dir/file
and under no circumstances outside /var/back.

I constructed the example from my observation, hopefully it works as
expected to make the problem clear. This could also be security
relevant, even if this usage might be unusual. Is the problem
known/understood/already solved?

The observation was made with boxbackup 0.10. Are there any config
options relevant to this?

Regards,
hjb
--=20
Pro-Linux - Germany's largest volunteer Linux support site
http://www.pro-linux.de/          Public Key ID 0x3DDBDDEA

--cYtjc4pxslFTELvY
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHLLXXLbySPj3b3eoRAiofAKCVhdxGFetgJiskpeI/L9ZqglfMTQCeLoyz
CWRVVbovrdnHw5rPntvyYnI=
=fIof
-----END PGP SIGNATURE-----

--cYtjc4pxslFTELvY--