|
From: | Charles Duffy |
Subject: | Re: [rdiff-backup-users] SECURITY: Not all file ops accessed via vetted RPath objects? Also a path prefixing patch |
Date: | Sat, 20 Aug 2005 07:54:49 -0500 |
User-agent: | Mozilla Thunderbird 1.0.2 (Windows/20050317) |
Ben Escoto wrote:
Hmm -- that might actually be useful. So I take it the client can use relative paths (ie. "server::backup" instead of "server::/backup", or at worst "server::./backup" and it'll be evaluated relative to the cwd)?Well I was just suggesting using usernames.. Like instead of having the server run rdiff-backup --restrict XXXX --force-path-prefix XXXX --server you could have it run cd XXXX; sudo -u YYYYY rdiff-backup --restrict . --server to avoid patching rdiff-backup and for an additional layer ofsecurity.
Separate per-client user accounts is impractical for my purposes for reasons I've already discussed -- but using relative paths could indeed make my patch unnecessary. Thanks for the suggestion!
[Prev in Thread] | Current Thread | [Next in Thread] |