need help with an rsync patch

Wayne Davison wayned at
Thu Aug 29 12:16:03 MDT 2013

On Tue, Aug 27, 2013 at 8:03 PM, Sherin A <sherinmon at> wrote:

> Hope they will report it as a  vulnerability , because this POC has been
> exploited successfully  and it is affected by all software that  use rsync
> as a backup  and restore  tool.

This is totally false.  The vulnerability is your insecure use of chown, so
you are shooting yourself in the foot. You could accomplish the same bad
sequence of copying/restoring using any backup tool.

If you want to use a non-root backup store, just use --fake-super on the
remote side, as previously mentioned (and ensure that xattrs are enabled

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the rsync mailing list