On Tue, Aug 27, 2013 at 8:03 PM, Sherin A <sherin...@gmail.com> wrote:
> Hope they will report it as a vulnerability, because this POC has been
> exploited successfully and it is affected by all software that use rsync
> as a backup and restore tool.

This is totally false. The vulnerability is your insecure use of chown, so you are shooting yourself in the foot. You could accomplish the same bad sequence of copying/restoring using any backup tool.

If you want to use a non-root backup store, just use --fake-super on the remote side, as previously mentioned (and ensure that xattrs are enabled there).

..wayne..