[scponly] Request review for patch to add support for bbcp to scponly
Craig Tierney
Craig.Tierney at noaa.gov
Thu May 21 15:26:29 EDT 2009
I have written a patch to scponly-4.8 so that it can support
bbcp. Bbcp (http://www.slac.stanford.edu/~abh/bbcp/) is a high
performance transfer mechanism that relies on ssh for authentication
and control, but creates its own channels (multi-threaded) for bulk data transfer.
Bbcp gets around the known problems with high-latency, high-bandwidth
transfers that are present in scp.

The local bbcp calls ssh in the following manner:

    ssh $SSHOPTS $HOSTNAME bbcp (SNK|SRC)

The SNK and SRC text defines which way the channels of the sessions should be created.
As far as I can tell, all other communication and configuration is passed through
the ssh channel.

Bbcp does call one system tool, /bin/ps. Code has been added to support this.
My biggest concern with this (since I am not a security expert) is that if you
want to use bbcp with a jailed-root environment, you need to mount /proc in
the jailed-root. That filesystem is mostly used for reading system data; however,
if root access was gained in the jailed-root, then I could see an exploit where,
for any entries in /proc that are writable, the user could write values that could
harm or corrupt the system.

The patch includes changes to config.h.in and configure.in as well as changes
to the code. The new feature is enabled with --enable-bbcp-compat. I would
appreciate it if someone more knowledgeable about scponly than I am could review
the patch below and see if it looks correct or if I did something "horribly wrong".

Thanks,
Craig

diff -urN scponly-4.8/config.h.in ../scponly-4.8-bbcp/config.h.in
--- scponly-4.8/config.h.in 2008-01-15 06:26:13.000000000 +0000
+++ ../scponly-4.8-bbcp/config.h.in 2009-05-21 18:43:53.990556000 +0000
@@ -14,6 +14,7 @@
#undef PASSWD_COMPAT
#undef ENABLE_SCP2
#undef ENABLE_SFTP
+#undef ENABLE_BBCP
#undef SVNSERV_COMPAT
#undef ENABLE_WILDCARDS
#undef RESTRICTIVE_FILENAMES
@@ -51,6 +52,11 @@
#define PROG_CD "cd"
#endif /*ENABLE_SCP2*/
+#ifdef ENABLE_BBCP
+#undef PROG_BBCP
+#undef PROG_PS
+#endif /*ENABLE_BBCP*/
+
/* sftp logging compatibility mode */
#undef SFTP_LOGGING
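Review bot: The new `#ifdef ENABLE_BBCP` block carries no comment saying why PROG_PS belongs to bbcp support, while the block that follows it is introduced with `/* sftp logging compatibility mode */`. A one-line comment above the block (for example, that bbcp runs ps on the server side, as the cover message states) would match the file's style and explain the otherwise surprising ps dependency to the next reader.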
diff -urN scponly-4.8/configure.in ../scponly-4.8-bbcp/configure.in
--- scponly-4.8/configure.in 2008-01-15 06:26:13.000000000 +0000
+++ ../scponly-4.8-bbcp/configure.in 2009-05-21 18:57:03.645227000 +0000
@@ -104,6 +104,17 @@
scponly_sftp_compat=1
])
+AC_ARG_ENABLE([bbcp-compat],
+ AC_HELP_STRING([--enable-bbcp-compat], [enable bbcp compatibility]),
+ [
+ if test "x$enableval" != "xno"; then
+ bbcp_compat=1
+ AC_DEFINE([ENABLE_BBCP])
+ fi
+ ],[
+ echo dnl Defaults to off, must be turned on explicitly
+ ])
+
AC_ARG_ENABLE([winscp-compat],
AC_HELP_STRING([--enable-winscp-compat], [enable winscp (and scp) compatibility]),
[
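Review bot: The shell variable set in the enabled branch, `bbcp_compat=1`, does not follow the naming visible just above it (`scponly_sftp_compat=1`) and is not read by any other hunk in this patch; the later configure.in hunk tests `$enable_bbcp_compat` instead. Either rename it to `scponly_bbcp_compat` and use it in the later test, or drop it. In the default branch, `echo dnl Defaults to off, must be turned on explicitly` puts an m4 `dnl` comment after `echo`, so what configure ends up running there is probably a bare `echo`; a plain `dnl` line or an empty branch would state the intent without emitting shell code.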
@@ -244,6 +255,13 @@
SCPONLY_PATH_PROG_DEFINE([PROG_RMDIR], [rmdir], [/bin:/usr/bin:/sbin:/usr/sbin])
fi
+#Add options for bbcp
+if test "x$enable_bbcp_compat" != "x"; then
+ AC_MSG_NOTICE([enabling bbcp compatability...])
+ SCPONLY_PATH_PROG_DEFINE([PROG_BBCP], [bbcp], [/bin:/usr/bin])
+ SCPONLY_PATH_PROG_DEFINE([PROG_PS], [ps], [/bin:/usr/bin])
+fi
+
dnl Check for binaries required by the WinSCP compatibility mode
dnl winscp-compat conditionals:
if test "x$enable_winscp_compat" != "xno"; then
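Review bot: The guard `if test "x$enable_bbcp_compat" != "x"` is also true for `--disable-bbcp-compat`, because that sets the variable to `no`, so the bbcp and ps path checks would run in a build where the earlier hunk did not define ENABLE_BBCP. The AC_ARG_ENABLE hunk compares against `"xno"`, as does the winscp check in the context lines; this test should exclude `no` the same way, or key off the variable set in the enabled branch. Minor: the notice text spells it "compatability".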
diff -urN scponly-4.8/scponly.c ../scponly-4.8-bbcp/scponly.c
--- scponly-4.8/scponly.c 2008-01-15 06:28:24.000000000 +0000
+++ ../scponly-4.8-bbcp/scponly.c 2009-05-21 19:03:29.733811000 +0000
@@ -62,6 +62,11 @@
{ PROG_RSYNC, 1 },
#endif /*ENABLE_RSYNC*/
+#ifdef ENABLE_BBCP
+ { PROG_BBCP, 1 },
+ { PROG_PS, 1 },
+#endif /*ENABLE_BBCP*/
+
#ifdef PASSWD_COMPAT
{ PROG_PASSWD, 1 },
#endif /*ENABLE_PASSWD*/
@@ -744,6 +749,10 @@
if (exact_match(av[0],PROG_SCP))
av = expand_wildcards(av);
#endif
+#ifdef ENABLE_BBCP
+ if (exact_match(av[0],PROG_BBCP))
+ av = expand_wildcards(av);
+#endif
#endif
/*
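Review bot: The added `expand_wildcards(av)` call for PROG_BBCP may have nothing to act on: per the cover message the remote command is `bbcp (SNK|SRC)` and everything else travels over the ssh channel, so file names do not appear in av. Unless there is an invocation where they do, leaving this block out keeps the change smaller. Separately, the hunks shown add no restriction on which arguments bbcp may be given; it is worth checking whether bbcp has any option that runs a command and, if so, rejecting it the way other supported programs' risky options are handled. The new block also sits between two `#endif` lines, so please confirm the outer conditional is the one intended.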
--
Craig Tierney (craig.tierney at noaa.gov)
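
The /proc exposure raised in the message above can be checked on the server. The following is an added example, not part of the posted patch or of scponly: it reads a /proc/mounts-format table and reports any procfs mount below the jail that lacks ro, nosuid, nodev or noexec. The jail paths, the sample table and the required option set are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the posted patch or of scponly.
# Assumptions: the jail paths, the sample table and the required option set.

# Constructed sample in /proc/mounts format (device mountpoint fstype options ...).
SAMPLE_MOUNTS='proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda1 /home ext4 rw,relatime 0 0
proc /home/jail/proc proc rw,relatime 0 0
proc /home/jail2/proc proc ro,nosuid,nodev,noexec,relatime 0 0'

# audit_jail_proc JAIL < mount-table
# Prints "<mountpoint> ok" or "<mountpoint> missing:<options>" for every
# procfs mount below JAIL. Exit status: 0 all mounts carry the required
# options, 1 at least one does not, 2 no procfs mount found below JAIL.
audit_jail_proc() {
    awk -v jail="${1%/}" '
        BEGIN { nreq = split("ro nosuid nodev noexec", req, " ") }
        # Field 3 is the filesystem type; bind mounts of /proc also show "proc".
        $3 == "proc" && index($2, jail "/") == 1 {
            found = 1
            split("", have)                      # clear the per-mount option set
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) have[opt[i]] = 1
            missing = ""
            for (j = 1; j <= nreq; j++)
                if (!(req[j] in have))
                    missing = missing (missing == "" ? "" : ",") req[j]
            if (missing == "") print $2, "ok"
            else { print $2, "missing:" missing; bad = 1 }
        }
        END { if (!found) exit 2; exit bad + 0 }
    '
}

# Demo on the constructed table; on a live host: audit_jail_proc /home/jail < /proc/mounts
printf '%s\n' "$SAMPLE_MOUNTS" | audit_jail_proc /home/jail || true
```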