[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: rssh security update breaks rsync via Synology's "hyper backup"

On Thu, Feb 14, 2019 at 10:08:40AM -0800, Russ Allbery wrote:
> Unfortunately, so far as I can tell, --server --daemon is not
> even documented in the rsync man page as something you can do (I certainly
> didn't know about its existence before this string of CVEs), so it's
> pretty hard to figure out what its intended behavior is without doing a
> deep dive into source code.

The rsync manpage states "The options --server and --sender are used internally
 by rsync, and should never be typed by a user under normal circumstances.", we
should not add additional complexity on top of the existing patches for the
use case at hand.


Reply to: