[ANN] Updated: rsync-2.6.2-1
Lapo Luchini
lapo@lapo.it
Wed Jun 2 10:04:00 GMT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Lapo Luchini wrote:
> Ready at the same usual address:
> http://www.lapo.it/tmp/rsync-2.6.2-1.tar.bz2
> http://www.lapo.it/tmp/rsync-2.6.2-1-src.tar.bz2
BTW, from http://rsync.samba.org/#security_apr04
April 2004 Security Advisory
There is a security problem in all versions prior to 2.6.1 that affects
only people running a read/write daemon WITHOUT using chroot. If the
user privs that such an rsync daemon is using is anything above
"nobody", you are at risk of someone crafting an attack that could write
a file outside of the module's "path" setting (where all its files
should be stored). Please either enable chroot or upgrade to 2.6.1.
People not running a daemon, running a read-only daemon, or running a
chrooted daemon are totally unaffected.
- --
L a p o L u c h i n i
l a p o @ l a p o . i t
w w w . l a p o . i t /
http://www.megatokyo.it
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkC9pjoACgkQaJiCLMjyUvuGxQCg/NiSmU5Mv7NyyDFrKN06tj+t
9IIAnRa/VCxJC22ebpSYN1FYtPTwJsXt
=EEQs
-----END PGP SIGNATURE-----
More information about the Cygwin-apps
mailing list