[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: rssh security update breaks rsync via Synology's "hyper backup"

El 19/02/2019 a las 17:44, Russ Allbery escribió:

> Roman Medina-Heigl Hernandez <roman@rs-labs.com> writes:
> So you cannot overwrite /home/synology/rsyncd.conf.
> Can the client just do:
>     rsync rsyncd.conf <your-host>:./
You're right, I was wrong. It's game over :)

> I think to make this safe the home directory has to not be owned by the
> rssh user and not be writable by it.  That might be safe as long as the
> current working directory of rsync is always the home directory.
> (In your particular case, as mentioned in the previous message, I'm pretty
> sure command="rsync --server -daemon ." in the authorized_keys file does
> what you want since you don't need to allow other arbitrary rsync
> commands.)

Thanks Russ and all for your help.



Reply to: