rdiff-backup-users
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [rdiff-backup-users] Security violations with --server --restrict-re


From: Randall Nortman
Subject: Re: [rdiff-backup-users] Security violations with --server --restrict-read-only
Date: Mon, 25 Aug 2003 19:27:06 -0500
User-agent: Mutt/1.5.4i

Being the impatient sort that I am, I have done yet more investigation
on this problem. I installed 0.13.1 on both client and server and
reproduced the problem in the same way as with 0.12.3, except that now
the security violation is on the call to os.getcwd on line 510 of
Main.py. Again, to reproduce this, just execute something like this:

rdiff-backup --remote-schema 'ssh -C %s --server --restrict-read-only 
/some/path' hostname::/some/path /destination/path

Anybody have any suggestions? Is anybody even hearing me?

On Sat, Aug 23, 2003 at 09:10:08AM -0500, Randall Nortman wrote:
> I have done some more investigation on this on my own, and it seems
> that using --restrict-read-only on the server side of the connection
> will always fail on this call to robust.install_signal_handlers. I
> therefore have two questions and an observation:
> 
> 1) Am I using --restrict-read-only wrong? My intention is to have a
>    user account on the machine I wish to back up which is allowed (via
>    sudo) to execute rdiff-backup with root permissions so that the
>    entire filesystem may be accessed, but I want to restrict this to
>    read-only access. I want to initiate the SSH connection from the
>    backup machine, and so the machine being backed up ends up as the
>    server in this case. (Using --restrict-read-only on the client side
>    does me no good; I want to restrict access on the server.)
> 
> 2) Is there any reason that install_signal_handlers shouldn't be added
>    to allowed_requests in Security.set_allowed_requests? It seems
>    harmless enough, but I'm reluctant to go tampering with this part
>    of the code without fully understanding what I'm doing.
> 
> 3) It seems to me that robust.install_signal_handlers is being called
>    once for each connection in Globals.connections, whereas it really
>    only needs to be called once for the life of the process. The doc
>    comment for the function says "Install signal handlers on current
>    connection", but I don't see any connection-related logic in the
>    function; it's just setting the process signal handler. I don't
>    think this hurts anything, but calling this more than once is quite
>    superfluous. Also, if there are no connections in this list (i.e.,
>    local-to-local backup), the signal handler will never be
>    installed. I'm not sure if this is the desired behavior or not.
> 
> On Thu, Aug 21, 2003 at 07:41:25AM -0500, Randall Nortman wrote:
> > I'm running rdiff-backup remotely via ssh, using --restrict-read-only
> > for security. The command being run on the remote (source) side is a
> > shell script containing only the following command:
> > 
> > /usr/bin/python2.2 /usr/local/bin/rdiff-backup --server 
> > --restrict-read-only /etc
> > 
> > The command executed on the local (target) side is:
> > 
> > rdiff-backup --remote-schema 'ssh -C %s /path/to/script' hostname::/etc 
> > /path/to/target
> > 
> > 
> > When I try to run a backup, I get this:
> > 
> > Traceback (most recent call last):
> >   File "/usr/local/bin/rdiff-backup", line 24, in ?
> >     rdiff_backup.Main.Main(sys.argv[1:])
> >   File "/usr/local/lib/python2.2/site-packages/rdiff_backup/Main.py",
> >   line 245, in Main
> >     misc_setup(rps)
> >   File "/usr/local/lib/python2.2/site-packages/rdiff_backup/Main.py",
> >   line 211, in misc_setup
> >     conn.robust.install_signal_handlers()
> >   File
> >   "/usr/local/lib/python2.2/site-packages/rdiff_backup/connection.py",
> >   line 424, in __call__
> >     return apply(self.connection.reval, (self.name,) + args)
> >   File
> >   "/usr/local/lib/python2.2/site-packages/rdiff_backup/connection.py",
> >   line 346, in reval
> >     if isinstance(result, Exception): raise result
> > rdiff_backup.Security.Violation:
> > Warning Security Violation!
> > Bad request for function: robust.install_signal_handlers
> > with arguments: []
> > 
> > 
> > I was using exactly the same setup (same arguments, etc.) with version
> > 0.10.1 without a problem. (I upgraded because I want to preserve
> > uid/gid even though the backup user is not root.)
> > 
> > Am I doing something wrong, or is this a bug?




reply via email to

[Prev in Thread] Current Thread [Next in Thread]