[pbs-devel] applied: [PATH proxmox-backup] fix #4380: stat() is run when file is executed

Fabian Grünbichler f.gruenbichler at proxmox.com
Fri Aug 4 09:59:21 CEST 2023 

although a somewhat rare edge case, this does improve things a bit!

there is still a stray

 failed to open file: ".pxarexclude": access denied

if the client encounters a dir with +r, but -x, even if all of the dirs
entries are excluded..

I guess we could actually skip iterating with a more meaningful error
message if we lack -x? or just check that all dir entries (which we get
thanks to +r) of that dir are excluded by the patterns we already have
at that point, instead of attempting to read the contained patterns and
then recursively iterate over the dir's entries?

On August 3, 2023 5:22 pm, Gabriel Goller wrote:
> When executing `proxmox-backup-client backup ...
> --exclude "test/test.txt"` it still executed stat() on "test.txt",
> which won't work when the current user doesn't have access to the
> file or the parent folder. Now we check if the file is excluded,
> and if it is not, then we execute stat().
> 
> Signed-off-by: Gabriel Goller <g.goller at proxmox.com>
> ---
>  pbs-client/src/pxar/create.rs | 18 +++++++++---------
>  1 file changed, 9 insertions(+), 9 deletions(-)
> 
> diff --git a/pbs-client/src/pxar/create.rs b/pbs-client/src/pxar/create.rs
> index 2577cf98..c573c2a3 100644
> --- a/pbs-client/src/pxar/create.rs
> +++ b/pbs-client/src/pxar/create.rs
> @@ -434,6 +434,15 @@ impl Archiver {
>              assert_single_path_component(os_file_name)?;
>              let full_path = self.path.join(os_file_name);
>  
> +            let match_path = PathBuf::from("/").join(full_path.clone());
> +            if self
> +                .patterns
> +                .matches(match_path.as_os_str().as_bytes(), None)
> +                == Some(MatchType::Exclude)
> +            {
> +                continue;
> +            }
> +
>              let stat = match nix::sys::stat::fstatat(
>                  dir_fd,
>                  file_name.as_c_str(),
> @@ -444,15 +453,6 @@ impl Archiver {
>                  Err(err) => return Err(err).context(format!("stat failed on {:?}", full_path)),
>              };
>  
> -            let match_path = PathBuf::from("/").join(full_path.clone());
> -            if self
> -                .patterns
> -                .matches(match_path.as_os_str().as_bytes(), Some(stat.st_mode))
> -                == Some(MatchType::Exclude)
> -            {
> -                continue;
> -            }
> -
>              self.entry_counter += 1;
>              if self.entry_counter > self.entry_limit {
>                  bail!(
> -- 
> 2.39.2
> 
> 
> 
> _______________________________________________
> pbs-devel mailing list
> pbs-devel at lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
> 
> 
>

More information about the pbs-devel mailing list