On 6/17/2010 9:29 AM, Jonathan Schaeffer wrote:
> Hi all,
>
> I'm administrating a BackupPC server and I'm concerned about the security of 
> the
> whole system.

It is based on controlling access to root and the backuppc user on the 
server.  I don't see a way around that.

> I configured the linux clients as unpriviledged users doing sudos for rsyncs 
> to
> limit the risk of intrusion from the backupPC server to the clients as 
> described
> in the FAQ :
> http://backuppc.sourceforge.net/faq/ssh.html#how_can_client_access_as_root_be_avoided
>
> But I found a simple way to screw up the client when the backupPC server is
> corrupted :
>
> It is easy to empty some (or all) files of a backup :
>
> root@backuppc:/data/backuppc/pc/172.16.2.44/3/f%2f/fhome/fjschaeff# cat
> /dev/null>  f.bashrc

I think this falls into the "if it hurts, don't do it" category.

> And then, when the client restores the file, it gets an empty file.
>
> Is there a checking mechanism to ensure the integrity of the restored files ?
> i.e. the server can check that the files he is about to restore is the same as
> the one he stored previously ?

If you are going to corrupt something intentionally and you have root 
access, you would also be able to replace/bypass any such check.  Don't 
give anyone you don't trust root access...

-- 
   Les Mikesell
      lesmikesell AT gmail DOT com


------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate 
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the 
lucky parental unit.  See the prize list and enter to win: 
http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/