Matt McCutchen's Web Site / rsync / rsync.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5a03f68) | patch
fixed a race condition in rsync that opened a security hole. The
authorAndrew Tridgell <tridge@samba.org>
Thu, 18 Jun 1998 12:17:23 +0000 (12:17 +0000)
committerAndrew Tridgell <tridge@samba.org>
Thu, 18 Jun 1998 12:17:23 +0000 (12:17 +0000)
commit22b193328754701c37942f4776116ada880efaef
tree114aed3bf7dbdf34ca5aada1765b9d29ab98f89atree
parent5a03f68a5a81695bf8bae65fcd7faa226986ba55commit | diff
fixed a race condition in rsync that opened a security hole. The
temporary files were being created with the same permissions as the
original file. So if the file was setuid but not owned by the user
doing the transfer then there was a window of opportunity for a
malicious user to execute it with the wrong permissions while it was
being transferred.

Thanks to snabb@epipe.fi for pointing this out.
rsync.c diff | blob | blame | history
rsync.h diff | blob | blame | history
Matt McCutchen's repository for rsync, the fast and versatile remote file copier