need help with an rsync patch

Wayne Davison wayned at samba.org
Thu Aug 29 12:16:03 MDT 2013


On Tue, Aug 27, 2013 at 8:03 PM, Sherin A <sherinmon at gmail.com> wrote:

> Hope they will report it as a vulnerability, because this POC has been
> exploited successfully and it is affected by all software that uses rsync
> as a backup and restore tool.


This is totally false.  The vulnerability is your insecure use of chown, so
you are shooting yourself in the foot. You could accomplish the same bad
sequence of copying/restoring using any backup tool.

If you want to use a non-root backup store, just use --fake-super on the
remote side, as previously mentioned (and ensure that xattrs are enabled
there).

..wayne..