This is the mail archive of the cygwin-apps@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [ANN] Updated: rsync-2.6.2-1


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Lapo Luchini wrote:
> Ready at the same usual address:
> http://www.lapo.it/tmp/rsync-2.6.2-1.tar.bz2
> http://www.lapo.it/tmp/rsync-2.6.2-1-src.tar.bz2

BTW, from http://rsync.samba.org/#security_apr04

April 2004 Security Advisory

There is a security problem in all versions prior to 2.6.1 that affects
only people running a read/write daemon WITHOUT using chroot. If the
user privs that such an rsync daemon is using is anything above
"nobody", you are at risk of someone crafting an attack that could write
a file outside of the module's "path" setting (where all its files
should be stored). Please either enable chroot or upgrade to 2.6.1.
People not running a daemon, running a read-only daemon, or running a
chrooted daemon are totally unaffected.

- --
L a p o   L u c h i n i
l a p o @ l a p o . i t
w w w . l a p o . i t /
http://www.megatokyo.it
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkC9pjoACgkQaJiCLMjyUvuGxQCg/NiSmU5Mv7NyyDFrKN06tj+t
9IIAnRa/VCxJC22ebpSYN1FYtPTwJsXt
=EEQs
-----END PGP SIGNATURE-----


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]