recent discussion regarding 'checksums'

Paul Slootman paul+rsync at
Mon Sep 27 04:47:26 MDT 2010

On Mon 27 Sep 2010, grarpamp wrote:

> >  Yes, right now "rsync -c" is not good if an attacker has had the
> >  opportunity to plant files on the destination and you want to make sure
> >  the files get updated properly, but that's an uncommon use case
> Or whitehat people backing up cracked boxes.

If I was backing up a known cracked box, I would not overwrite a good
backup with that; I would create a clean full backup for that purpose.

If I was unknowingly backing up a cracked box, I wouldn't mind the
planted files not overwriting the originals in the backup :-)

> Or anyhat people backing up data generated from their fleet of playstations.

You'd expect the timestamp and other metadata to differ in that case, so
that -c isn't needed.


More information about the rsync mailing list