DigiNews

Tech Watch by Johan Denoyer


How my minimal, memory-safe Go rsync steers clear of vulnerabilities

Quality: 8/10 Relevance: 9/10

Summary

The article analyzes a series of rsync vulnerabilities (CVE-2024-12084 to 2026-45232) and shows how a minimal Go implementation (gokrazy/rsync) leverages memory safety and safe-by-default APIs to mitigate many risks. It compares Go-based approaches to OpenBSD's openrsync, discusses defense-in-depth measures (Linux namespaces, Landlock, and Go's os.Root), and concludes that Go addresses most vulnerability classes, with the exception of one logic bug. It also covers upgrade guidance and implications for SMB IT security practices.
