New rsync Released to Fix Vulnerability
cshields2 writes "Today the rsync developers have released a new version that fixes an exploitable security vulnerability when running rsync as an 'rsync server.' Any server out there running rsync should check this out and upgrade if necessary (which is every open source mirror server out there, and many mirrors themselves)."
Package Download (Score:3, Interesting)
http://slackware.com/security/viewer.php?l=slackw
Of course if you're running a server you should theoretically be subscribing to the security mailing list. Right?
Re:Workaround (Score:5, Interesting)
What if I don't want system users for every rsync user? What if I need to run my connections through an http proxy server (yes, I really, really do)? What if I want standard mechanisms for listing available modules? What if I want to limit the number of simultaneous connections for a specific area? What if I want to limit the files available in a specific area? What if I want to transfer sensitive files on a system periodically from cron, but I don't want to have an ssh key that grants access to do this without a password on the recipient machine?
I think that pretty much sums up the ways I most commonly use rsync around the house. I do use it with the -e ssh option for one-off things sometimes as well, but not running a server is certainly no workaround for me.
Wow, that was fast (Score:0, Interesting)
Keep up the great work, guys! I'm definitely donating to the Gentoo project this Xmas.
Re:FSF Savannah Server Compromised (Score:3, Interesting)
While it can be somewhat distressing, these attacks can only make us stronger.
It's kinda sad, really. I mean, we're just a big happy group of people who write code for the fun of it, and then share it with everybody else. We're a decent bunch. What did we do to deserve all this hostility?
Re:Gentoo (Score:1, Interesting)
What would be nice would be if some of the developers focused on security from the jump, sort of OpenBSD-ish, and no, I'm not making a comparison, just throwing out an idea for devs to use preemptive strikes, assessing a situation beforehand. Regardless of whether there was a buffer overflow of stack/heap/$INSERT_VULN_HERE, what about the core concept of security? User accounts, firewall rules, checksums, et al.
If I were a CTO or someone who was checking into making a switch, sorry to say, but right now it wouldn't be Gentoo. Sure, it's a nice little distribution, but the security lapse just threw them into an "I won't be using that distro any time soon" category.
Again, not putting down Gentoo, just adding my observations.
Debian Security Advisory (Score:1, Interesting)
Snapshot-Style Backups with rsync (Score:2, Interesting)
Basically it uses rsync and cp to create a backup, but only changed files are actually copied; unchanged files are simply linked to. This saves a lot of disk space, and allows you to keep many backups on the system at one time, assuming most of your files don't change.
Some history... (Score:5, Interesting)
Re:FSF Savannah Server Compromised (Score:1, Interesting)