Client can trick daemon into running server code with am_server
== 0
Qi Yong
qiyong at fc-cn.com
Thu Feb 15 05:55:43 GMT 2007
Matt McCutchen wrote:
> Dear rsync people (particularly Wayne),
>
> I noticed that an rsync daemon counts on the client sending a --server
> option so that am_server gets set to 1. If the client doesn't supply
This can only happen in the remote-shell situcation, not at any
anonymous connections.
So I think it's safe imho.
> this option, am_server remains 0 but the daemon runs start_server
> anyway. This is potentially dangerous and might lead to a security
> hole, although I haven't found one yet. I suggest that the daemon
> either set am_server = 1 explicitly or drop the connection with an
> error if the client doesn't supply --server.
--
Qi Yong
More information about the rsync
mailing list