recent discussion regarding 'checksums'
paul+rsync at wurtel.net
Mon Sep 27 04:47:26 MDT 2010
On Mon 27 Sep 2010, grarpamp wrote:
> > Yes, right now "rsync -c" is not good if an attacker has had the
> > opportunity to plant files on the destination and you want to make sure
> > the files get updated properly, but that's an uncommon use case
> Or whitehat people backing up cracked boxes.
If I was backing up a known cracked box, I would not overwrite a good
backup with that; I would create a clean full backup for that purpose.
If I was unknowingly backing up a cracked box, I wouldn't mind the
planted files not overwriting the originals in the backup :-)
> Or anyhat people backing up data generated from their fleet of playstations.
You'd expect the timestamp and other metadata to differ in that case, so
that -c isn't needed.
More information about the rsync