Skip to content

timkuijsten/hrsync

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 
 
 

hrsync

A minimal and hardened version of rsync that only supports receiving and sending of files over ssh.

Features:

  • Removed local-only transfers, daemon mode and batch operations
  • Disabled support for ancient protocol versions
  • Secure ssh-keys by combining two new options: --chroot and --dropsuper
  • pledge(2)d to use file-system interfaces only (requires OpenBSD)

Status: release candidate

The hardening and security parts are done, broader testing is needed in order to check if it doesn't break common use cases.

Installation

Compile and install hrsync on OpenBSD:

$ git clone https://github.com/timkuijsten/hrsync.git
$ cd hrsync
$ make
$ doas make install

Use hrsync as a drop-in replacement for rsync:

$ make
$ doas make dropin

Requirements

Currently OpenBSD is required to run hrsync. Maybe it's worth to make the pledge calls optional so that it can be used on systems without pledge.

Usage tips

  1. Use --chroot and --dropsuper to deny access from hrsync to the ssh private key
  2. Use the following options for the tightest pledge (especially when using --chroot):
    • --numeric-ids (don't pledge use of getpw)
    • --no-specials (don't pledge use of dpath and unix)
    • --no-devices (don't pledge use of dpath)

What is pledged

When using rsync in archive mode (-a) the following set of pledges are used:

  • When receiving files from a remote rsync:
    • stdio
    • proc
    • fattr
    • rpath
    • cpath
    • wpath
    • dpath
    • unix
    • getpw
  • When sending files to a remote rsync:
    • stdio
    • proc
    • rpath

See Usage tips on how to drop the need for dpath, unix and getpw.

License

rsync is distributed under the GPL version 3. For simplicity these patches are distruted under the GPL version 3 as well.

About

A minimal and hardened version of rsync

Resources

License

Stars

Watchers

Forks