[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [rdiff-backup-users] FW: Bug#252654: rdiff-backup --server gives ful
|
From: |
Ben Escoto |
|
Subject: |
Re: [rdiff-backup-users] FW: Bug#252654: rdiff-backup --server gives full discretionary power |
|
Date: |
Fri, 4 Jun 2004 09:33:35 -0700 |
>>>>> John Goerzen <address@hidden>
>>>>> wrote the following on Fri, 4 Jun 2004 10:40:08 -0500
> Got this bug report at Debian:
>
> ----- Forwarded message from Marc Haber <address@hidden> -----
>
> From: Marc Haber <address@hidden>
> Date: Fri, 04 Jun 2004 17:13:17 +0200
> Reply-To: Marc Haber <address@hidden>, address@hidden
> To: Debian Bug Tracking System <address@hidden>
> Subject: Bug#252654: rdiff-backup --server gives full discretionary power
...
> However, rdiff-backup --server doesn't have any possibility to
> restrict the operation. So, I could easily do a rdiff-backup from the
> local box to the remote box, overwriting /etc/shadow and other
> interesting files with my local versions. The only security I have
> against this is the security of the private key which is an issue on
> the local system.
There may be an easy answer to this bug at least: See the --restrict*
options.
--
Ben Escoto
pgp2WsMsvtPr6.pgp
Description: PGP signature