Matt McCutchen wrote:

Dear rsync people (particularly Wayne),

I noticed that an rsync daemon counts on the client sending a --server
option so that am_server gets set to 1.  If the client doesn't supply


This can only happen in the remote-shell situation, not at any anonymous connections.
So I think it's safe imho.

this option, am_server remains 0 but the daemon runs start_server
anyway.  This is potentially dangerous and might lead to a security
hole, although I haven't found one yet.  I suggest that the daemon
either set am_server = 1 explicitly or drop the connection with an
error if the client doesn't supply --server.

--

Qi Yong

--
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
