[debian-security@lists.debian.org → Bcc] Holger Levsen wrote:
> > I applied recent rssh security updates to Debian 8 (jessie) and I > > noticed that it breaks Synology's "Hyper backup" tool (with rsync method). > > > > Feb 10 03:28:21 roman rssh[19985]: cmd 'rsync' approved > > Feb 10 03:28:21 roman rssh[19985]: insecure rsync options in rsync > > command line! > > Feb 10 03:28:21 roman rssh[19985]: user synology attempted to execute > > forbidden commands > > Feb 10 03:28:21 roman rssh[19985]: command: rsync --server --daemon . > > > > Is it really unsafe to issue a "rsync --server --daemon ." command so it > > deserves to be blocked?` FYI this is the patch in question: https://sources.debian.org/src/rssh/2.3.4-11/debian/patches/0007-Verify-rsync-command-options.patch/#L15-L20 Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org 🍥 chris-lamb.co.uk `-