Post Syndicated from daroc original https://lwn.net/Articles/1005302/

On January 14, Nick Tait announced the discovery of six vulnerabilities in rsync, the popular file-synchronization tool. While software vulnerabilities are not uncommon, the most serious one he announced allows for remote code execution on servers that run rsyncd — and possibly other configurations. The bug itself is fairly simple, but this event provides a nice opportunity to dig into it, show why it is so serious, and consider ways the open-source community can prevent such mistakes in the future.