Hi mates,

I have been doing some checks with Bacula and TLS.

At present I have the TLS Enable directive, TLS Require set to yes, and the CA certificate public key (of my own CA) copied to the server and the client.

Now I become an attacker: if I create a new client certificate with the same CN as the one presently used in bacula-fd, and configure bacula-fd to use this falsified certificate of the falsified CA whose public key is used in the CA cert file directive of the bacula-fd, you can't do a status client from the server (director). This seems to be fine, because it seems that, since we are not using a known CA (like GeoTrust, Thawte or similar) and each part is not using a certificate signed by the CA whose public key they have in the config of each part, the fd and the dir refuse to agree, basically, to arrange a TLS connection.

So now my question is: when is it required to use TLS Verify Peer in the director and the fd? When someone could use a certificate from Thawte, for example? Then can you use TLS Allowed CN even in this situation to avoid these Thawte certs being used in some way? But how? The CN could be the same as that of the "good" certificate.

What's the real purpose of TLS Verify Peer and TLS Allowed CN?

Now, by the way, the main reason I need TLS to work well is just to avoid an ARP poisoning attack that makes Bacula store or restore injected data in a backup. How could this be done, given that anyone could create a certificate from, for instance, Thawte for the client, and even if you have TLS Allowed CN set to the CN of the client, as the cert is valid, this damage could be caused, couldn't it?

Thanks a lot really,
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users