Re: rssh security update breaks rsync via Synology's "hyper backup"
El 19/02/2019 a las 17:44, Russ Allbery escribió:
> Roman Medina-Heigl Hernandez <roman@rs-labs.com> writes:
>
> So you cannot overwrite /home/synology/rsyncd.conf.
> Can the client just do:
>
> rsync rsyncd.conf <your-host>:./
>
You're right, I was wrong. It's game over :)
> I think to make this safe the home directory has to not be owned by the
> rssh user and not be writable by it. That might be safe as long as the
> current working directory of rsync is always the home directory.
> (In your particular case, as mentioned in the previous message, I'm pretty
> sure command="rsync --server -daemon ." in the authorized_keys file does
> what you want since you don't need to allow other arbitrary rsync
> commands.)
Thanks Russ and all for your help.
Cheers,
-Román
Reply to: