Rsync path spoofing attack vulnerability (rsync 3.1.1 tested)

2014-11-30 Thread Gao,Jianfeng
Hi: In the newest version of rsync (3.1.1), directly modifying the file path into an absolute path does not succeed in hijacking due to the security checks, but using symbolic links can still bypass the security checks and spoof the client. A new bug I submitted: https://bugzilla.samba.org/show_bug.cgi?id=10977 Onlin

[Bug 10936] Rsync path hijacking attack vulnerability

2014-11-30 Thread samba-bugs
https://bugzilla.samba.org/show_bug.cgi?id=10936 --- Comment #6 from gaojianfeng --- (In reply to Wayne Davison from comment #3) Yes! In the newest version of rsync (3.1.1), directly modifying the file path into an absolute path does not succeed in hijacking due to the security checks, but using symbolic links still c

[Bug 10977] New: Rsync path spoofing attack vulnerability (rsync 3.1.1 tested)

2014-11-30 Thread samba-bugs
https://bugzilla.samba.org/show_bug.cgi?id=10977 Bug ID: 10977 Summary: Rsync path spoofing attack vulnerability (rsync 3.1.1 tested) Product: rsync Version: 3.1.1 Hardware: All OS: Linux Statu