rdiff-backup-users

Re: [rdiff-backup-users] SECURITY: Not all file ops accessed via vetted


From: Ben Escoto
Subject: Re: [rdiff-backup-users] SECURITY: Not all file ops accessed via vetted RPath objects? Also a path prefixing patch
Date: Sat, 20 Aug 2005 01:19:00 -0500

>>>>> Charles Duffy <address@hidden>
>>>>> wrote the following on Thu, 18 Aug 2005 06:39:44 -0500
>
> Yes, I have one (netcat on the client, tcpsvd on the server). That's 
> fine, it works -- but it rules out the (SSH-based) multi-server 
> authentication mechanisms which have been thus far suggested (and which 
> I don't have a need for anyhow, on account of the VPN).

Well I was just suggesting using usernames..  Like instead of having
the server run

    rdiff-backup --restrict XXXX --force-path-prefix XXXX --server

you could have it run

    cd XXXX; sudo -u YYYYY rdiff-backup --restrict . --server

to avoid patching rdiff-backup and for an additional layer of
security.  Anyway it's up to you, I'm mainly posting to say I think
the security bug is fixed in CVS.  Thank you for the report.


-- 
Ben Escoto
