On 6/18/2010 2:25 AM, Jonathan Schaeffer wrote:
>
>> If you are going to corrupt something intentionally and you have root
>> access, you would also be able to replace/bypass any such check. Don't
>> give anyone you don't trust root access...
> The problem is not who I give root access but who takes it in my back.
I think you are trying to solve the wrong problem. Start with the
premise that it is impossible to fix a system where a good hacker has
had root access.
> First, I will not connect the BackupPC host to the internet
> Then, I'll use a file alteration monitor on the system to be aware of any
> modification in the backupPC core programs and in the data stored. iwatch
> looks
> like a good candidate.
Again, keep in mind that anything on the system can be subverted by a
good hacker, including these tools and their databases.
> Finaly, I'll keep in mind that anybody gaining root priviledges can basicaly
> do
> all imaginable stuff.
>
> Still, would'nt it be a nice feature to check the file integrity before the
> restore ? Not only in case of evil intrusion but also in case of data
> corruption, preventing corrupted data to be restored.
I'd rather have a copy that had not been corrupted, so before spending
an inordinate amount of time second-guessing ways to detect unlikely
problems, I'd try to make sure I had a solution for them - like a 2nd
instance of a backup server in a different location. But, I suppose
such a check could be done by repeating the content-hashing pool
matching process to make sure you'd still map to the same pool filename.
--
Les Mikesell
lesmikesell AT gmail DOT com
------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the
lucky parental unit. See the prize list and enter to win:
http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
|