A look at the recent rsync vulnerability
On January 14, Nick Tait announced the discovery of six vulnerabilities in rsync, the popular file-synchronization tool. While software vulnerabilities are not uncommon, the most serious one he announced allows for remote code execution on servers that run rsyncd - and possibly other configurations. The bug itself is fairly simple, but this event provides a nice opportunity to dig into it, show why it is so serious, and consider ways the open-source community can prevent such mistakes in the future.