On Thu, 25 Feb 2010 17:41:13 +0200, Alan McKinnon wrote:

> And someone gets into your backup server, BANG! instant pwnage of every
> single machine on your network. Heck, you don't even have to try and
> compromise the local root account, you already have full unfettered
> access to everything anyway.

Which is why you don't allow access to the backup server from outside of
the network, and restrict root access from inside. Because backups are
initiated from the server, it doesn't actually need any ports open to do
its job, although a web server is needed to run the user interface
(which isn't necessary). The ebuild sets up a separate instance of
Apache just for this, so even if you are already running Apache on the
backup server (which is a crazy idea to start with) compromising that
won't get you into the backups.

> Worse, I'll bet the server software runs
> as an unprivileged user, so you can just bypass the bit where you have
> to compromise root there as well.

You lose :P

The server runs as a restricted user, with no login shell.


-- 
Neil Bothwick

WinErr 042: Virus error - A virus has been activated in a dos-box. The
virus, however, requires Windows. All tasks will automatically be closed
            and the virus will be activated again.
