Rsync-daemon security advisories for writable daemons

Matt McCutchen matt at
Mon Dec 10 21:30:55 GMT 2007

On Mon, 2007-12-10 at 22:20 +0100, Olivier Thauvin wrote:
> I don't how to really fix into rsync, 
> except checking uname to get the running kernel's version.

It would seem much more direct to simply attempt the lutimes and ignore
an error of ENOSYS (Function not implemented).  I don't think it's
important for performance to make rsync not attempt lutimes again after
an ENOSYS because IIRC, glibc's lutimes wrapper already does this.

The current development rsync ignores all errors, but errors other than
ENOSYS might be significant.  For example, if the machine supports
lutimes but the symlink belongs to another user, lutimes could fail with
EPERM, and I would want to know about that just like for a regular file.


More information about the rsync mailing list