[Bug 10936] Rsync path hijacking attack vulnerability

Michael keybounce at gmail.com
Mon Nov 17 08:05:08 MST 2014


This may seem silly, but isn't the point of asking an rsync server for files to create that you trust the server to tell you what files to ...

Wait, are you saying that the client will ignore the subtree that it thinks it is traversing?
That the client does not sanity check the path it gets from the server?

"Never trust your client" just became "never trust your server" :-).

But it brings up an interesting question. Do servers also accept any filename from the client?
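The sanity check the post wishes the client would perform, as an added example (not code from this message or from rsync itself): every path the remote side announces is treated as untrusted and must stay inside the chosen destination directory, both lexically and after resolving any symlinks already on disk. The helper names, the destination directory `/tmp/rsync-dest` and the sample file list are all constructed for illustration.

```python
"""Constructed example: a client-side sanity check for file paths announced
by a remote rsync-style peer. Hypothetical helper code, not rsync's own."""
import os
import posixpath


def is_safe_relative_path(path: str) -> bool:
    """Lexical check: the path must be non-empty, relative, free of NUL
    bytes, and must not climb above its starting directory once normalized."""
    if not path or "\0" in path:
        return False
    if posixpath.isabs(path):
        return False
    norm = posixpath.normpath(path)  # collapses "." and resolves "a/../b" -> "b"
    if norm in (".", ".."):
        return False
    # Any ".." surviving normalization means the path escapes upward.
    return all(part != ".." for part in norm.split("/"))


def resolve_destination(dest_root: str, server_path: str) -> str:
    """Join a server-announced path onto dest_root and return the final
    absolute path. Raises ValueError if the path fails the lexical check or,
    after resolving symlinks already present on disk, lands outside dest_root."""
    if not is_safe_relative_path(server_path):
        raise ValueError(f"rejected unsafe path from server: {server_path!r}")
    root = os.path.realpath(dest_root)
    target = os.path.realpath(os.path.join(root, server_path))
    # commonpath (not a string prefix test) avoids "/dest" matching "/dest-other".
    if os.path.commonpath([root, target]) != root:
        raise ValueError(f"path escapes destination: {server_path!r}")
    return target


def filter_file_list(dest_root: str, announced: list) -> tuple:
    """Split an announced file list into (accepted absolute paths, rejected
    raw entries). A client would create files only from the accepted list."""
    accepted, rejected = [], []
    for entry in announced:
        try:
            accepted.append(resolve_destination(dest_root, entry))
        except ValueError:
            rejected.append(entry)
    return accepted, rejected


# Constructed sample file list, as a misbehaving server might announce it.
SAMPLE_FILE_LIST = [
    "docs/readme.txt",            # plain relative path: accepted
    "src/./main.c",               # harmless "." component: accepted
    "a/../b/notes.md",            # ".." that stays inside the tree: accepted
    "../../outside.txt",          # climbs above the destination: rejected
    "/abs/file.txt",              # absolute path: rejected
    "docs/../../escape.txt",      # normalizes to "../escape.txt": rejected
]

if __name__ == "__main__":
    ok, bad = filter_file_list("/tmp/rsync-dest", SAMPLE_FILE_LIST)
    for path in ok:
        print("accept", path)
    for entry in bad:
        print("reject", entry)
```

The lexical check alone is not enough once files exist on disk: a symlink the remote side planted in an earlier transfer could point outside the tree, which is why `resolve_destination` also compares real paths. A client applying this check would still be exposed if it followed symlinks when writing, so the `realpath` comparison should happen immediately before each file is created.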

