
rsync group privilege vulnerability
20th Mar 2002 [SBWID-5191]

	rsync group privilege vulnerability


	rsync 2.5.3 and earlier


	Ethan Benson found that rsyncd fails to drop root's groups (as
	explained in Mandrake advisory MDKSA-2002:024):

	The supplementary groups that the rsync daemon runs as (such as root)
	would not be removed from the server process after changing to the
	specified unprivileged uid and gid. This seems only serious if rsync is
	called using "rsync --daemon" from the command line where it will
	inherit the group of the user starting the server (usually root).


	Upgrade to the latest version, 2.5.4, which also corrects the zlib double free.
