rdiff-backup-users



From: John Goerzen
Subject: [rdiff-backup-users] FW: Bug#252654: rdiff-backup --server gives full discretionary power
Date: Fri, 4 Jun 2004 10:40:08 -0500
User-agent: Mutt/1.5.6i

Got this bug report at Debian:

----- Forwarded message from Marc Haber <address@hidden> -----

From: Marc Haber <address@hidden>
Date: Fri, 04 Jun 2004 17:13:17 +0200
Reply-To: Marc Haber <address@hidden>, address@hidden
To: Debian Bug Tracking System <address@hidden>
Subject: Bug#252654: rdiff-backup --server gives full discretionary power

Package: rdiff-backup
Version: 0.13.3.jgoerzen-3
Severity: normal

Hi,

first, let me thank you for rdiff-backup. Apart from being written
in Python (which I personally hate because it's such a huge
interpreter, leaving a big footprint on the system executing the
program), rdiff-backup is a very nice program. However, there is one
possible security issue.

When backing up a remote system to a local system, rdiff-backup needs
root privileges on the remote side to be able to read everything.
Thus, one is likely to say 'PermitRootLogin forced-commands-only' in
the sshd_config and to use 'command="rdiff-backup --server"' in the
authorized_keys file of the remote system.

However, rdiff-backup --server doesn't have any possibility to
restrict the operation. So, I could easily do a rdiff-backup from the
local box to the remote box, overwriting /etc/shadow and other
interesting files with my local versions. The only security I have
against this is the security of the private key which is an issue on
the local system.

I'd like to have a possibility to control _what_ is allowed on the
remote system, which is the one executing the 'rdiff-backup --server'
command. For example, there could be a configuration file that could
in the easiest situation say "this rdiff-backup server is only allowed
to do read operations here". In more complicated situations, the
config file could allow writing to one or more subtrees of the
system's file system tree.

I hope that I am making myself clear.

Greetings
Marc

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.6-janeway
Locale: LANG=C, LC_CTYPE=C

Versions of packages rdiff-backup depends on:
ii  libc6                       2.3.2.ds1-13 GNU C Library: Shared libraries an
ii  librsync1                   0.9.6-8      Binary diff library based on the r
ii  python2.3                   2.3.4-1      An interactive high-level object-o
ii  rdiff                       0.9.6-8      Binary diff tool for signature-bas

-- no debconf information


----- End forwarded message -----
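The sshd setup the report describes (PermitRootLogin forced-commands-only plus a command= key for root), spelled out as an added example. This is not code from the bug report, from the Debian package, or from the rdiff-backup project; the wrapper path, the from= address and the key material are assumptions or constructed. It adds the usual authorized_keys restrictions and a forced-command wrapper, and it deliberately shows their limit: the client always asks for exactly "rdiff-backup --server", so checking SSH_ORIGINAL_COMMAND cannot tell a read-only pull from a push that overwrites /etc/shadow. That is the gap the report is about, and it can only be closed inside rdiff-backup itself.

```shell
#!/bin/sh
# Added example, not from the bug report, the Debian package or the
# rdiff-backup project. Hardened sshd/authorized_keys setup for a
# "rdiff-backup --server" forced command, plus checks for it.
# Caveat: none of this stops a client from pushing writes through the
# server once it is running; the options only shrink what a stolen key
# can do *besides* that. Paths, addresses and keys are assumptions.

# Hardened authorized_keys line for root on the host being backed up.
# $1 = from= pattern (assumed: the address of the host that pulls the
# backup), $2 = public key material (constructed). no-pty and friends
# are standard sshd authorized_keys options.
hardened_authorized_key() {
    printf 'from="%s",command="/usr/local/sbin/rdiff-backup-forced",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' \
        "$1" "$2"
}

# Check that the effective (last uncommented) PermitRootLogin value in an
# sshd_config file is forced-commands-only. $1 = path to the file.
# Limitation: ignores Match blocks; on a live host prefer
#   sshd -T | grep -i permitrootlogin
# which prints the value sshd actually uses.
sshd_permits_root_forced_only() {
    last=$(grep -iE '^[[:space:]]*PermitRootLogin[[:space:]]' "$1" \
           | tail -n 1 | awk '{print $2}')
    [ "$last" = "forced-commands-only" ]
}

# Policy of the forced-command wrapper: sshd puts whatever the client asked
# for into SSH_ORIGINAL_COMMAND. Accept only the exact server invocation;
# reject shells, scp, sftp, or anything carrying extra arguments.
# $1 = the SSH_ORIGINAL_COMMAND value.
forced_command_allowed() {
    case "$1" in
        "rdiff-backup --server") return 0 ;;
        *) return 1 ;;
    esac
}

# Body of the wrapper installed as /usr/local/sbin/rdiff-backup-forced
# (assumed path). Defined here for reference; not called in this script.
rdiff_backup_forced_wrapper() {
    if forced_command_allowed "${SSH_ORIGINAL_COMMAND-}"; then
        exec rdiff-backup --server
    fi
    logger -t rdiff-backup-forced "rejected command: ${SSH_ORIGINAL_COMMAND-}"
    exit 1
}

# Demo on a constructed sshd_config fragment and a constructed key.
demo_cfg=$(mktemp)
printf 'PermitRootLogin yes\nPermitRootLogin forced-commands-only\n' > "$demo_cfg"
if sshd_permits_root_forced_only "$demo_cfg"; then
    echo "sshd_config OK: root is limited to forced commands"
fi
rm -f "$demo_cfg"
hardened_authorized_key "192.0.2.10" \
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyMaterialOnly backup@pullhost"
```

The generated line goes into root's ~/.ssh/authorized_keys on the remote host (the one running the server), as the report describes. The server-side control the report asks for arrived in later rdiff-backup releases as the --restrict, --restrict-read-only and --restrict-update-only options on "rdiff-backup --server"; that is outside this 0.13.3 thread, but it is what turns the forced command from "full discretionary power" into a read-only or update-only endpoint.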



