On 14/02/2019 18:06, Roman Medina-Heigl Hernandez wrote: > Hi security-fellows, > > I applied recent rssh security updates to Debian 8 (jessie) and I > noticed that it breaks Synology's "Hyper backup" tool (with rsync method). > > The relevant log lines at my Debian server: > > Feb 10 03:28:21 roman rssh[19985]: cmd 'rsync' approved > Feb 10 03:28:21 roman rssh[19985]: insecure rsync options in rsync > command line! > Feb 10 03:28:21 roman rssh[19985]: user synology attempted to execute > forbidden commands > Feb 10 03:28:21 roman rssh[19985]: command: rsync --server --daemon . > > Is it really unsafe to issue a "rsync --server --daemon ." command so it > deserves to be blocked?`
There was a regression in the rssh security update. It has already been fixed in stretch, expect an update for jessie soon. Cheers, Emilio
