On 07/02/2013 02:32 PM, Josh Fisher wrote:
> On 7/1/2013 4:09 PM, Kern Sibbald wrote:
>> Hello,
>>
>> This is an interesting subject and what everyone says is correct.
>> I have been thinking over the past few months about how to
>> improve security, and although we already have one way that
>> the FD can drop permissions to become a backup only FD,
>> I have been thinking about two additions:
>>
>> 1. A command line option and/or perhaps a Directive that
>> forces the FD into read-only mode -- i.e. it can only do
>> Backups but no restores. Of course, to do restores, one
>> would have to turn off the service and restart it (or another
>> one) with restore permission if one wanted to do restores.
>>
>> 2. Implementation of a ScriptsDirectory that would allow the FD
>> to run scripts only from that Directory rather than from any
>> Directory.
> A ScriptsDirectory is a good idea, although I would add that it is
> essential that the ScriptsDirectory must NOT be restorable, else a
> compromised Dir could place any script it wants in the ScriptDirectory
> in a two-step attack. #2 does not make any difference unless used in
> conjunction with #1.
>
> Also, another approach is a command line option or FD directive to
> disallow scripts so that each FD could enable or disable scripts
> altogether. Using PKI data encryption together with the ability to
> disable scripts would allow for fairly safe restores, since the FD's
> private key would be needed to alter any files being restored and a
> compromised Dir could not run commands to alter the FD's private key
> even when FD was running as root.
>

Hello Josh,
Good points. Thanks. I will be sure to use them as input for
implementation.

Best regards,
Kern

...

_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
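The two rules discussed in this thread (scripts run only from a ScriptsDirectory, and that directory is never a restore destination), sketched as an added example that is not Bacula code and not part of either message. The function names and the temporary directory layout are hypothetical, and the sample tree is constructed.

```python
import os
import tempfile

def _inside(base: str, path: str) -> bool:
    """True if canonical `path` is `base` itself or lies beneath it."""
    return os.path.commonpath([base, path]) == base

def script_allowed(scripts_dir: str, script: str) -> bool:
    """Permit a script only if its resolved path is a file inside scripts_dir."""
    base = os.path.realpath(scripts_dir)
    real = os.path.realpath(script)  # resolves symlinks and ".." components
    return real != base and _inside(base, real) and os.path.isfile(real)

def restore_allowed(scripts_dir: str, target: str) -> bool:
    """Refuse a restore whose resolved destination is scripts_dir or inside it.

    Without this, a restore could plant a script that is later run from the
    allowed directory (the two-step attack described in the thread).
    """
    base = os.path.realpath(scripts_dir)
    return not _inside(base, os.path.realpath(target))

def demo() -> dict:
    """Evaluate both checks against a constructed tree in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        p = lambda *parts: os.path.join(tmp, *parts)
        scripts = p("scripts")
        for d in ("scripts", "scripts2", "data"):
            os.mkdir(p(d))
        for f in (p("scripts", "pre.sh"), p("scripts2", "other.sh")):
            open(f, "w").close()
        # One symlink leading out of the scripts dir, one leading into it.
        os.symlink(p("scripts2", "other.sh"), p("scripts", "link.sh"))
        os.symlink(scripts, p("data", "alias"))
        return {
            "run pre.sh": script_allowed(scripts, p("scripts", "pre.sh")),
            "run sibling prefix": script_allowed(scripts, p("scripts2", "other.sh")),
            "run dotdot": script_allowed(scripts, p("scripts", "..", "scripts2", "other.sh")),
            "run symlink out": script_allowed(scripts, p("scripts", "link.sh")),
            "restore data file": restore_allowed(scripts, p("data", "file.txt")),
            "restore into scripts": restore_allowed(scripts, p("scripts", "new.sh")),
            "restore via symlink": restore_allowed(scripts, p("data", "alias", "new.sh")),
        }

if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case:22} -> {'allow' if allowed else 'deny'}")
```

Resolving a path and then opening it later leaves a window in which the path can change, so a daemon applying these checks would also need the directory to be writable only by a trusted account.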