[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [rdiff-backup-users] "warning security violation" on fs_abilities.re
|
From: |
Klaas Gadeyne |
|
Subject: |
Re: [rdiff-backup-users] "warning security violation" on fs_abilities.restore_set_globals when trying to restore [ctd] |
|
Date: |
Fri, 25 Jul 2008 16:15:13 +0200 (CEST) |
On Fri, 25 Jul 2008, Andrew Ferguson wrote:
On Jul 25, 2008, at 8:02 AM, Klaas Gadeyne wrote:
it seems like I have the same problem as described previously on this
mailinglist
<http://www.mail-archive.com/address@hidden/msg02352.html>
To be short: - backups work fine
- restores don't
[...]
I'm trying this on 2 Debian stable systems (using the debian packages, that
is). I tried with *both* the official stable package and the one in
backports, so the issue seems to be unrelated to rdiff version 1.1.5.
sh-3.1$ ls -l /var/cache/apt/archives/rdiff-backup_1.1.*
-rw-r--r-- 1 root root 186224 2008-03-20 09:32
/var/cache/apt/archives/rdiff-backup_1.1.15-2~bpo40+1_amd64.deb
-rw-r--r-- 1 root root 175064 2006-12-27 23:02
/var/cache/apt/archives/rdiff-backup_1.1.5-4_amd64.deb
Unfortunately, it seems that no solution was provided (at least not *on*
list [*]). Any suggestions to further debug this issue?
That issue was never resolved for two reasons: I cannot reproduce this
problem and the original poster never returned my last (off list) message.
For the original poster, it became apparent that the restore could work the
other way -- that is, by logging on to 'pc00136-backup', the user could do
'rdiff-backup -r now backup-host::/test-backup /tmp/testrestore'.
I have again, just now, tested restoring to a remote host (like you want to
do) and it went fine using the latest rdiff-backup. Personally, I suspect
that there is some sort of misconfiguration (at your end, or Debian's) due to
the multiple versions of rdiff-backup, paths, etc.
I guess it will be at my end :-( (unless no user of the debian package has ever
tried to restore so far, or they were too lazy to submit a bug report :-)
To start debugging this issue yourself, you will need to:
1) Make sure there is only one copy of the rdiff-backup files on your remote
system. These files live inside the Python site-packages directory. A simple
`locate librsync.py` should point you in the right direction.
address@hidden:/ #
locate librsync.py
/usr/share/python-support/rdiff-backup/rdiff_backup/librsync.py
/var/lib/python-support/python2.4/rdiff_backup/librsync.py
/var/lib/python-support/python2.4/rdiff_backup/librsync.pyc
address@hidden:/ #
ll /usr/share/python-support/rdiff-backup/rdiff_backup/librsync.py
-rw-r--r-- 1 root root 6741 2008-01-03 16:36
/usr/share/python-support/rdiff-backup/rdiff_backup/librsync.py
address@hidden:/ #
ll /var/lib/python-support/python2.4/rdiff_backup/librsync.py
lrwxrwxrwx 1 root root 63 2008-07-25 11:38
/var/lib/python-support/python2.4/rdiff_backup/librsync.py ->
/usr/share/python-support/rdiff-backup/rdiff_backup/librsync.py
So this condition seems to be fulfilled.
2) Check the follow lines inside rdiff-backup's files. If you want, you can
simply send me the files as attachments and I will check them.
- In rdiff_backup/Security.py, there should be a line which has
"fs_abilities.restore_set_globals" as part of an 'if sec_level == "all": '
test.
There is
if sec_level == "all":
l.extend(["os.mkdir", "os.chown", "os.lchown", "os.rename",
"os.unlink", "os.remove", "os.chmod",
"os.makedirs",
"backup.DestinationStruct.patch",
"restore.TargetStruct.get_initial_iter",
"restore.TargetStruct.patch",
"restore.TargetStruct.set_target_select",
"fs_abilities.restore_set_globals",
"fs_abilities.single_set_globals",
"regress.Regress",
"manage.delete_earlier_than_local"])
- In rdiff_backup/Globals.py, there should be a line which has
'security_level = "all"'
OK too.
address@hidden:/ #
locate Globals.py
/usr/share/python-support/rdiff-backup/rdiff_backup/Globals.py
/var/lib/python-support/python2.4/rdiff_backup/Globals.py
/var/lib/python-support/python2.4/rdiff_backup/Globals.pyc
address@hidden:/ #
ll /var/lib/python-support/python2.4/rdiff_backup/Globals.py
lrwxrwxrwx 1 root root 62 2008-07-25 11:38
/var/lib/python-support/python2.4/rdiff_backup/Globals.py ->
/usr/share/python-support/rdiff-backup/rdiff_backup/Globals.py
address@hidden:/ #
grep security_level /var/lib/python-support/python2.4/rdiff_backup/Globals.py
# security_level has 4 values and controls which requests from remote
security_level = "all"
Lastly, if indeed those are the only copies of Security.py and Globals.py on
your system, and those lines are set as I indicated, then you should run
rdiff-backup with "-v9" (not "-v7") to get the highest level of debugging.
Then, e-mail the *complete* output to the mailing list. Please do not snip
any part of the debug messages. Although you may not understand the Python
stuff, folks on this mailing list do. :-)
sh-3.1$ rdiff-backup -v9 --restore-as-of now test-backup
pc00136-backup::/tmp/testrestore
Fri Jul 25 16:04:46 2008 Using rdiff-backup version 1.1.15
Fri Jul 25 16:04:46 2008 Using mirror root directory /var/backups/test-backup
Fri Jul 25 16:04:46 2008 Executing ssh -C pc00136-backup rdiff-backup --server
Fri Jul 25 16:04:46 2008 Client sending (0): ConnectionRequest: Globals.get
with 1 arguments
Fri Jul 25 16:04:46 2008 Client sending (0): 'version'
Fri Jul 25 16:04:46 2008 Client received (0): '1.1.15'
Fri Jul 25 16:04:46 2008 Registering connection 1
Fri Jul 25 16:04:46 2008 Client sending (0): ConnectionRequest:
SetConnections.init_connection_remote with 1 arguments
Fri Jul 25 16:04:46 2008 Client sending (0): 1
Fri Jul 25 16:04:47 2008 Client received (0): None
Fri Jul 25 16:04:47 2008 Client sending (0): ConnectionRequest:
log.Log.setverbosity with 1 arguments
Fri Jul 25 16:04:47 2008 Client sending (0): 9
Fri Jul 25 16:04:47 2008 Server sending (0): None
Fri Jul 25 16:04:47 2008 Client received (0): None
Fri Jul 25 16:04:47 2008 Client sending (0): ConnectionRequest:
log.Log.setterm_verbosity with 1 arguments
Fri Jul 25 16:04:47 2008 Client sending (0): 9
Fri Jul 25 16:04:47 2008 Server received (0): ConnectionRequest:
log.Log.setterm_verbosity with 1 arguments
Fri Jul 25 16:04:47 2008 Server received (0): 9
Fri Jul 25 16:04:47 2008 Server sending (0): None
Fri Jul 25 16:04:47 2008 Client received (0): None
Fri Jul 25 16:04:47 2008 Client sending (0): ConnectionRequest: Globals.set
with 2 arguments
Fri Jul 25 16:04:47 2008 Client sending (0): 'rbdir'
Fri Jul 25 16:04:47 2008 Client sending (0): Path:
/var/backups/test-backup/rdiff-backup-data
Index: ()
Data: {'uid': 34, 'perms': 448, 'type': 'dir', 'gname': 'backup', 'ctime':
1216984511, 'devloc': 2049L, 'uname': 'backup', 'nlink': 3, 'gid': 34, 'mtime':
1216984511, 'atime': 1216993129, 'inode': 295079, 'size': 4096}
Fri Jul 25 16:04:47 2008 Server received (0): ConnectionRequest: Globals.set
with 2 arguments
Fri Jul 25 16:04:47 2008 Server received (0): 'rbdir'
Fri Jul 25 16:04:47 2008 Server received (0): Path:
/var/backups/test-backup/rdiff-backup-data
Index: ()
Data: {'size': 4096, 'ctime': 1216984511, 'perms': 448, 'inode': 295079,
'mtime': 1216984511, 'devloc': 2049L, 'uname': 'backup', 'nlink': 3, 'gname':
'backup', 'gid': 34, 'atime': 1216993129, 'type': 'dir', 'uid': 34}
Fri Jul 25 16:04:47 2008 Server sending (0): None
Fri Jul 25 16:04:47 2008 Client received (0): None
Fri Jul 25 16:04:47 2008 Client sending (0): ConnectionRequest:
C.make_file_dict with 1 arguments
Fri Jul 25 16:04:47 2008 Client sending (0): '/tmp/testrestore'
Fri Jul 25 16:04:47 2008 Server received (0): ConnectionRequest:
C.make_file_dict with 1 arguments
Fri Jul 25 16:04:47 2008 Server received (0): '/tmp/testrestore'
Fri Jul 25 16:04:47 2008 Server sending (0): {'type': None}
Fri Jul 25 16:04:47 2008 Client received (0): {'type': None}
Fri Jul 25 16:04:47 2008 Client sending (0): ConnectionRequest:
C.make_file_dict with 1 arguments
Fri Jul 25 16:04:47 2008 Client sending (0): '/tmp/testrestore'
Fri Jul 25 16:04:47 2008 Server received (0): ConnectionRequest:
C.make_file_dict with 1 arguments
Fri Jul 25 16:04:47 2008 Server received (0): '/tmp/testrestore'
Fri Jul 25 16:04:47 2008 Server sending (0): {'type': None}
Fri Jul 25 16:04:47 2008 Client received (0): {'type': None}
Fri Jul 25 16:04:47 2008 Client sending (0): ConnectionRequest:
Time.setcurtime_local with 1 arguments
Fri Jul 25 16:04:47 2008 Client sending (0): 1216994687
Fri Jul 25 16:04:47 2008 Server received (0): ConnectionRequest:
Time.setcurtime_local with 1 arguments
Fri Jul 25 16:04:47 2008 Server received (0): 1216994687
Fri Jul 25 16:04:47 2008 Server sending (0): None
Fri Jul 25 16:04:47 2008 Client received (0): None
Fri Jul 25 16:04:47 2008 Client sending (0): ConnectionRequest: Globals.set
with 2 arguments
Fri Jul 25 16:04:47 2008 Client sending (0): 'client_conn'
Fri Jul 25 16:04:47 2008 Client sending (0): LocalConnection
Fri Jul 25 16:04:47 2008 Server received (0): ConnectionRequest: Globals.set
with 2 arguments
Fri Jul 25 16:04:47 2008 Server received (0): 'client_conn'
Fri Jul 25 16:04:47 2008 Server received (0): PipeConnection 0
Fri Jul 25 16:04:47 2008 Server sending (0): None
Fri Jul 25 16:04:47 2008 Client received (0): None
Fri Jul 25 16:04:47 2008 Client sending (0): ConnectionRequest:
Globals.postset_regexp_local with 3 arguments
Fri Jul 25 16:04:47 2008 Client sending (0): 'no_compression_regexp'
Fri Jul 25 16:04:47 2008 Client sending (0):
'(?i).*\\.(gz|z|bz|bz2|tgz|zip|rpm|deb|jpg|jpeg|gif|png|jp2|mp3|ogg|avi|wmv|mpeg|mpg|rm|mov|flac|shn|pgp|gpg|rz|lzh|zoo|lharc|rar|arj|asc)$'
Fri Jul 25 16:04:47 2008 Client sending (0): None
Fri Jul 25 16:04:47 2008 Server received (0): ConnectionRequest:
Globals.postset_regexp_local with 3 arguments
Fri Jul 25 16:04:47 2008 Server received (0): 'no_compression_regexp'
Fri Jul 25 16:04:47 2008 Server received (0):
'(?i).*\\.(gz|z|bz|bz2|tgz|zip|rpm|deb|jpg|jpeg|gif|png|jp2|mp3|ogg|avi|wmv|mpeg|mpg|rm|mov|flac|shn|pgp|gpg|rz|lzh|zoo|lharc|rar|arj|asc)$'
Fri Jul 25 16:04:47 2008 Server received (0): None
Fri Jul 25 16:04:47 2008 Server sending (0): None
Fri Jul 25 16:04:47 2008 Client received (0): None
Fri Jul 25 16:04:47 2008 Client sending (0): ConnectionRequest:
robust.install_signal_handlers with 0 arguments
Fri Jul 25 16:04:47 2008 Server received (0): ConnectionRequest:
robust.install_signal_handlers with 0 arguments
Fri Jul 25 16:04:47 2008 Server sending (0): None
Fri Jul 25 16:04:47 2008 Client received (0): None
Fri Jul 25 16:04:47 2008 Client sending (0): ConnectionRequest:
Hardlink.initialize_dictionaries with 0 arguments
Fri Jul 25 16:04:47 2008 Server received (0): ConnectionRequest:
Hardlink.initialize_dictionaries with 0 arguments
Fri Jul 25 16:04:47 2008 Server sending (0): None
Fri Jul 25 16:04:47 2008 Client received (0): None
Fri Jul 25 16:04:47 2008 Client sending (0): ConnectionRequest:
fs_abilities.restore_set_globals with 1 arguments
Fri Jul 25 16:04:47 2008 Client sending (0): Path: /tmp/testrestore
Index: ()
Data: {'type': None}
Fri Jul 25 16:04:47 2008 Server received (0): ConnectionRequest:
fs_abilities.restore_set_globals with 1 arguments
Fri Jul 25 16:04:47 2008 Server received (0): Path: /tmp/testrestore
Index: ()
Data: {'type': None}
Fri Jul 25 16:04:47 2008 Sending back exception
Warning Security Violation!
Bad request for function: fs_abilities.restore_set_globals
with arguments: [<rdiff_backup.rpath.RPath instance at 0xb78e222c>]
of type rdiff_backup.Security.Violation:
File "/var/lib/python-support/python2.4/rdiff_backup/connection.py", line
333, in answer_request
Security.vet_request(request, argument_list)
File "/var/lib/python-support/python2.4/rdiff_backup/Security.py", line 221,
in vet_request
raise_violation(request, arglist)
File "/var/lib/python-support/python2.4/rdiff_backup/Security.py", line 203,
in raise_violation
raise Violation("\nWarning Security Violation!\n"
Fri Jul 25 16:04:47 2008 Server sending (0):
Warning Security Violation!
Bad request for function: fs_abilities.restore_set_globals
with arguments: [<rdiff_backup.rpath.RPath instance at 0xb78e222c>]
Fri Jul 25 16:04:47 2008 Client received (0):
Warning Security Violation!
Bad request for function: fs_abilities.restore_set_globals
with arguments: [<rdiff_backup.rpath.RPath instance at 0xb78e222c>]
Fri Jul 25 16:04:47 2008 Exception '
Warning Security Violation!
Bad request for function: fs_abilities.restore_set_globals
with arguments: [<rdiff_backup.rpath.RPath instance at 0xb78e222c>]
' raised of class 'rdiff_backup.Security.Violation':
File "/var/lib/python-support/python2.4/rdiff_backup/Main.py", line 302, in
error_check_Main
try: Main(arglist)
File "/var/lib/python-support/python2.4/rdiff_backup/Main.py", line 322, in
Main
take_action(rps)
File "/var/lib/python-support/python2.4/rdiff_backup/Main.py", line 288, in
take_action
elif action == "restore-as-of": Restore(rps[0], rps[1], 1)
File "/var/lib/python-support/python2.4/rdiff_backup/Main.py", line 487, in
Restore
dest_rp.conn.fs_abilities.restore_set_globals(dest_rp)
File "/var/lib/python-support/python2.4/rdiff_backup/connection.py", line
447, in __call__
return apply(self.connection.reval, (self.name,) + args)
File "/var/lib/python-support/python2.4/rdiff_backup/connection.py", line
369, in reval
if isinstance(result, Exception): raise result
Traceback (most recent call last):
File "/usr/bin/rdiff-backup", line 23, in ?
rdiff_backup.Main.error_check_Main(sys.argv[1:])
File "/var/lib/python-support/python2.4/rdiff_backup/Main.py", line 302, in
error_check_Main
try: Main(arglist)
File "/var/lib/python-support/python2.4/rdiff_backup/Main.py", line 322, in
Main
take_action(rps)
File "/var/lib/python-support/python2.4/rdiff_backup/Main.py", line 288, in
take_action
elif action == "restore-as-of": Restore(rps[0], rps[1], 1)
File "/var/lib/python-support/python2.4/rdiff_backup/Main.py", line 487, in
Restore
dest_rp.conn.fs_abilities.restore_set_globals(dest_rp)
File "/var/lib/python-support/python2.4/rdiff_backup/connection.py", line
447, in __call__
return apply(self.connection.reval, (self.name,) + args)
File "/var/lib/python-support/python2.4/rdiff_backup/connection.py", line
369, in reval
if isinstance(result, Exception): raise result
rdiff_backup.Security.Violation:
Warning Security Violation!
Bad request for function: fs_abilities.restore_set_globals
with arguments: [<rdiff_backup.rpath.RPath instance at 0xb78e222c>]
Fri Jul 25 16:04:47 2008 Exception 'Truncated header string (problem probably
originated remotely)' raised of class
'rdiff_backup.connection.ConnectionReadError':
File "/var/lib/python-support/python2.4/rdiff_backup/Main.py", line 302, in
error_check_Main
try: Main(arglist)
File "/var/lib/python-support/python2.4/rdiff_backup/Main.py", line 322, in
Main
take_action(rps)
File "/var/lib/python-support/python2.4/rdiff_backup/Main.py", line 276, in
take_action
connection.PipeConnection(sys.stdin, sys.stdout).Server()
File "/var/lib/python-support/python2.4/rdiff_backup/connection.py", line
354, in Server
self.get_response(-1)
File "/var/lib/python-support/python2.4/rdiff_backup/connection.py", line
314, in get_response
try: req_num, object = self._get()
File "/var/lib/python-support/python2.4/rdiff_backup/connection.py", line
232, in _get
raise ConnectionReadError("Truncated header string (problem "
FWIW, I roughly followed these instructions when setting the system up:
<http://arctic.org/~dean/rdiff-backup/unattended.html>
LOCAL:
sh-3.1$ cat .ssh/config
host pc00136-backup
hostname pc00136.site04.wtcm.be
user root
identityfile /var/backups/.ssh/id_rsa
protocol 2
Thx for your help.
Klaas