Re: utilisateur backup

To: "Noah L. Meyerhans" <frodo@morgul.net>
Cc: Debian Security List <debian-security@lists.debian.org>
Subject: Re: utilisateur backup
From: Boris Daix <Boris.Daix@insa-lyon.fr>
Date: Fri, 19 Jul 2002 17:44:48 +0200
Message-id: <[🔎] 87y9c7oh73.fsf@pulsar.resi.insa-lyon.fr>
In-reply-to: <[🔎] 20020719111514.B13034@morgul.net> ("Noah L. Meyerhans"'s message of "Fri, 19 Jul 2002 11:15:14 -0400")
References: <[🔎] 87ofd411s9.fsf@pulsar.resi.insa-lyon.fr> <[🔎] 20020719135818.GA514@Osterstein> <[🔎] 20020719111514.B13034@morgul.net>

"Noah L. Meyerhans" <frodo@morgul.net> writes:

[...]
> So the worst that can happen if the key gets compromised is that the
> attacker can trigger a backup of your system.  Conceivably this could be
> a DoS, at worst.  But it's a very common setup.  In fact, the standard
> method of mirroring Debian involves exactly this type of configuration.

What I wonder is how far the backup user can read (or, worst, even write) to
local fs. If it's just able to look at some /home and /var dirs, and
can write only to /var/backups, it would be enough and I'll be quite
confident. But at this time I don't know how to know this.

>> >    - Is amanda appropriate for this task and would it be more secure
>> >      to use it instead ?
>> 
>> I am using it to backup a bunch of maschines on one tape also using
>> cron. I found it easy to configure and am quite satisfied. You can even
>> configure Amanda in a way that it only transfers changes. On the other
>> hand, Amanda is meant to dump backups on tapes. I cant tell you if there
>> is an easy way to reconfigure it.
>
> Amanda has no security.  It does not encrypt any of the data going out
> over the network.  I doesn't support strong host authentication.  It
> can't be tunnelled over ssh.  Tunnelling rdump over ssh is way more
> secure than amanda.  Running amanda over an IPsec link is a good
> approach, and what I use to backup most of my servers.

I don't know IPsec - but I'm too ashame to ask for what it implies
:-)) I'll look for it, but as I won't use amanda ('cause no tape),
backup user may be better if I find what it has access to.

>> Amanda provides some sort of restricted host access. But I cant tell, if
>> it would retain a determined attacker.
>
> It supports .amandahosts.  It's similar to .rhosts.  It can also do
> kerberos, but most people don't have a kerberos infrastructure.
>
> noah
>
> -- 
>  _______________________________________________________
> | Web: http://web.morgul.net/~frodo/
> | PGP Public Key: http://web.morgul.net/~frodo/mail.html 

Thanks

-- 
Boris Daix

	"Feel free to be free, or not to be..."


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- utilisateur backup
  - From: Boris Daix <Boris.Daix@insa-lyon.fr>
- Re: utilisateur backup
  - From: Mathias Palm <Mathias.Palm@gmx.net>
- Re: utilisateur backup
  - From: "Noah L. Meyerhans" <frodo@morgul.net>

Prev by Date: Re: utilisateur backup
Next by Date: Recent fun on Debian-Security
Previous by thread: Re: utilisateur backup
Next by thread: Re: utilisateur backup
Index(es):
- Date
- Thread