Re: rssh security update breaks rsync via Synology's "hyper backup"
On Thu, Feb 14, 2019 at 10:08:40AM -0800, Russ Allbery wrote:
> Unfortunately, so far as I can tell, --server --daemon is not
> even documented in the rsync man page as something you can do (I certainly
> didn't know about its existence before this string of CVEs), so it's
> pretty hard to figure out what its intended behavior is without doing a
> deep dive into source code.
The rsync manpage states "The options --server and --sender are used internally
by rsync, and should never be typed by a user under normal circumstances.", we
should not add additional complexity on top of the existing patches for the
use case at hand.