This is the mail archive of the
cygwin-apps@cygwin.com
mailing list for the Cygwin project.
Re: [ANN] Updated: rsync-2.6.2-1
- From: Lapo Luchini <lapo at lapo dot it>
- To: Mailing List: CygWin-Apps <cygwin-apps at cygwin dot com>
- Date: Wed, 02 Jun 2004 12:04:42 +0200
- Subject: Re: [ANN] Updated: rsync-2.6.2-1
- References: <40BD8806.3080002@lapo.it>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Lapo Luchini wrote:
> Ready at the same usual address:
> http://www.lapo.it/tmp/rsync-2.6.2-1.tar.bz2
> http://www.lapo.it/tmp/rsync-2.6.2-1-src.tar.bz2
BTW, from http://rsync.samba.org/#security_apr04
April 2004 Security Advisory
There is a security problem in all versions prior to 2.6.1 that affects
only people running a read/write daemon WITHOUT using chroot. If the
user privs that such an rsync daemon is using is anything above
"nobody", you are at risk of someone crafting an attack that could write
a file outside of the module's "path" setting (where all its files
should be stored). Please either enable chroot or upgrade to 2.6.1.
People not running a daemon, running a read-only daemon, or running a
chrooted daemon are totally unaffected.
- --
L a p o L u c h i n i
l a p o @ l a p o . i t
w w w . l a p o . i t /
http://www.megatokyo.it
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkC9pjoACgkQaJiCLMjyUvuGxQCg/NiSmU5Mv7NyyDFrKN06tj+t
9IIAnRa/VCxJC22ebpSYN1FYtPTwJsXt
=EEQs
-----END PGP SIGNATURE-----