[Bug 10936] Rsync path hijacking attack vulnerability

samba-bugs at samba.org samba-bugs at samba.org
Mon Dec 1 00:16:16 MST 2014


https://bugzilla.samba.org/show_bug.cgi?id=10936

--- Comment #6 from gaojianfeng <gaojianfeng at baidu.com> ---
(In reply to Wayne Davison from comment #3)
Yes! In the newest version of rsync (3.1.1), directly modifying the file path
into an absolute path does not succeed in hijacking due to the security checks,
but using symbolic links can still bypass the security checks and spoof the
client.
I submitted a new bug: https://bugzilla.samba.org/show_bug.cgi?id=10977
