Re: rssh security update breaks rsync via Synology's "hyper backup"
On 14/02/2019 18:06, Roman Medina-Heigl Hernandez wrote:
> Hi security-fellows,
>
> I applied recent rssh security updates to Debian 8 (jessie) and I
> noticed that it breaks Synology's "Hyper backup" tool (with rsync method).
>
> The relevant log lines at my Debian server:
>
> Feb 10 03:28:21 roman rssh[19985]: cmd 'rsync' approved
> Feb 10 03:28:21 roman rssh[19985]: insecure rsync options in rsync
> command line!
> Feb 10 03:28:21 roman rssh[19985]: user synology attempted to execute
> forbidden commands
> Feb 10 03:28:21 roman rssh[19985]: command: rsync --server --daemon .
>
> Is it really unsafe to issue a "rsync --server --daemon ." command so it
> deserves to be blocked?`
There was a regression in the rssh security update. It has already been fixed in
stretch, expect an update for jessie soon.
Cheers,
Emilio
Reply to: