> you are safe if your rsync is only via secure connections Not quite. If server... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		kees99 11 months ago \| parent \| context \| favorite \| on: Rsync vulnerabilities > you are safe if your rsync is only via secure connections Not quite. If server has "command=rsync ..." in ~/.ssh/authorized_keys file, for some ssh key (to allow rsync access, but deny shell access), this vulnerability will allow attacker in possession of that ssh key to go around that restriction, and get shell nonetheless.

nrdvana 11 months ago [–]

He said where untrusted parties aren't able to run rsync.

If I was running an rsync daemon facing the public, it would be in a chroot with dropped privileges.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact