Re: rssh Vulnerability: Command Execution with allowscp
Brought to you by:
xystrus
Menu
▾
▴
Re: rssh Vulnerability: Command Execution with allowscp
|
From: Derek M. <co...@pi...> - 2019-02-01 20:24:31
|
On Mon, Jan 28, 2019 at 09:50:36PM -0800, Russ Allbery wrote: > I may write some really stripped-down version of the same basic idea for > my own use that ignores the command sent by the client and just always > runs rsync --server with a bunch of standard options. That is obviously the best possible approach, but also obviously gives up all measure of flexibility. Still, it should suffice for the majority of use cases. -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0x81CFE75D |