[pbs-devel] [PATCH proxmox-backup] fix #4380: check permissions before entering directory

Fri Aug 4 12:02:25 CEST 2023

When creating a backup, we now check if we have the correct permissions
(r,x) before entering a directory. This is mainly to prevent stat() from
failing with EACCESS errors. We also check if the directory contains
non-excluded files and warn the user.

Signed-off-by: Gabriel Goller <g.goller at proxmox.com>
---
 pbs-client/src/pxar/create.rs | 47 +++++++++++++++++++++++++++++++++--
 1 file changed, 45 insertions(+), 2 deletions(-)

diff --git a/pbs-client/src/pxar/create.rs b/pbs-client/src/pxar/create.rs
index 2577cf98..f2333284 100644
--- a/pbs-client/src/pxar/create.rs
+++ b/pbs-client/src/pxar/create.rs
@@ -638,7 +638,7 @@ impl Archiver {
     async fn add_directory<T: SeqWrite + Send>(
         &mut self,
         encoder: &mut Encoder<'_, T>,
-        dir: Dir,
+        mut dir: Dir,
         dir_name: &CStr,
         metadata: &Metadata,
         stat: &FileStat,
@@ -663,9 +663,52 @@ impl Archiver {
                 skip_contents = !set.contains(&stat.st_dev);
             }
         }
+        if skip_contents {
+            log::warn!("Skipping mount point: {:?}", self.path);
+        }
+
+        let mode = nix::sys::stat::Mode::from_bits_truncate(stat.st_mode);
+        // if we have read and write permissions on the folder
+        if (!mode.contains(Mode::S_IRUSR) || !mode.contains(Mode::S_IXUSR))
+            && skip_contents == false
+        {
+            skip_contents = true;
+            let mut contains_non_excluded_files = false;
+            if mode.contains(Mode::S_IRUSR) {
+                // check if all children are excluded
+                for file in dir.iter() {
+                    let file = file?;
+
+                    let file_name = file.file_name().to_owned();
+                    let file_name_bytes = file_name.to_bytes();
+                    if file_name_bytes == b"." || file_name_bytes == b".." {
+                        continue;
+                    }
+                    let os_file_name = OsStr::from_bytes(file_name_bytes);
+                    assert_single_path_component(os_file_name)?;
+                    let full_path = self.path.join(os_file_name);
+                    let match_path = PathBuf::from("/").join(full_path.clone());
+                    if self
+                        .patterns
+                        .matches(match_path.as_os_str().as_bytes(), Some(stat.st_mode))
+                        != Some(MatchType::Exclude)
+                    {
+                        contains_non_excluded_files = true;
+                        break;
+                    }
+                }
+            }
+            if contains_non_excluded_files {
+                log::warn!(
+                    "Skipping directory: {:?}, access denied (contains non-excluded files)",
+                    self.path
+                );
+            } else {
+                log::warn!("Skipping directory: {:?}, access denied", self.path);
+            }
+        }
 
         let result = if skip_contents {
-            log::info!("skipping mount point: {:?}", self.path);
             Ok(())
         } else {
             self.archive_dir_contents(&mut encoder, dir, false).await
-- 
2.39.2




