Koenvh | 3 years ago

Funny, I reported something similar on the rsync mailing list a couple of months ago: https://www.mail-archive.com/rsync@lists.samba.org/msg33452....

Good to see that it will be fixed. Still, rsync is not the right tool for the job if you do not trust the server.

denton-scratch|3 years ago

I take it that "server" in this context includes the remote party in a "serverless" transfer. I mean, I take it this isn't particular to the rsync daemon.

It sounds like a very serious defect, very easy to exploit. It needed to be addressed quickly. I'm not surprised they skipped the code review.

bragr|3 years ago

>rsync is not the right tool for the job if you do not trust the server

Why would you ever trust the server not to do bad things?

Koenvh|3 years ago

I do trust my own server not to misbehave, but I probably would not trust some random server on the internet.