Deepthix .
← Retour au blog
tech 24 May 2026

How My Minimal, Memory-Safe Go Rsync Steers Clear of Vulnerabilities

Learn how a minimal and memory-safe Go implementation of rsync can avoid security vulnerabilities, with concrete examples and recent figures.

Introduction

Security challenges in software development are ubiquitous, especially with well-established software like rsync. In 2025 and 2026, several critical vulnerabilities were discovered in rsync, posing major risks to production systems. In this article, we explore how a minimal and memory-safe rewrite of rsync in Go can avoid these pitfalls.

Why Go?

Go is often chosen for its intrinsic memory safety and simplicity. Unlike languages like C, where memory management errors can lead to security flaws, Go offers automatic memory management that eliminates entire classes of vulnerabilities such as buffer overflows and use-after-free.

Example of Avoided Vulnerabilities

In January 2025, researchers uncovered six critical flaws in rsync, some allowing arbitrary code execution. Among them, CVE-2024-12084 to 12088 allowed attackers to inject malicious code via specially crafted files. By adopting Go, my rsync implementation avoids these issues with its strict type and memory boundaries management.

Comparison with OpenBSD's openrsync

OpenBSD has its own version of rsync, openrsync, written in C. While designed for security, it does not benefit from the intrinsic memory safety guarantees of Go. In contrast, gokrazy/rsync, thanks to Go, eliminates memory-related risks while remaining compatible with rsync specifications.

Defense in Depth

Using Go is not the only way to enhance security. Integrating defense-in-depth mechanisms is also crucial. For example, using Linux mount namespaces and hardening with systemd can add additional layers of security. With gokrazy/rsync, these techniques are easily integrable thanks to Go's modular nature.

Concrete Example: Linux Landlock

Linux Landlock is a security framework that allows restricting a process's capabilities. By using it with gokrazy/rsync, you can limit file system access, reducing risks in case of a compromise.

Conclusion

Switching to a Go implementation of rsync, like gokrazy/rsync, not only replicates existing functionalities but offers enhanced security through memory-safe management. This, combined with defense-in-depth practices, provides a robust solution for production environments.

Let's discuss your project in 15 minutes.

Go rsync security memory-safe vulnerabilities
Deepthix newsletter · 100% AI · every Monday 8am

An AI agent reads tech for you.

Our AI agent scans ~200 sources per week and ships the best articles to your inbox Monday 8am. Free. One click to unsubscribe.

Visit the newsletter page →

Want to automate your operations?

Let's talk about your project in 15 minutes.

Book a call