Jeffrey J. Kosowsky wrote:
> > However, it would still be disturbing to realize that your backup
> > integrity could be compromised by anyone with access to the files.
> > Consider a scenario where a disgruntled employee who still has access to
> > files first prepares the 'evil twin' file with the hack to force an md5
> > value and puts it somewhere that the backup system will find it. Later
> > he makes the matching alteration to critical files in a way that doesn't
> > break normal use. Then he waits for any backups of the unaltered data
> > to expire, then destroys the working copies and leaves.
> >
> > Assuming it's your job to restore a working copy, what happens next?
>
> I would assume that if such a "disgruntled" employee has *write*
> access to critical files, then surreptitiously modifying a few backup
> copies would be the least of your worries.

Perhaps, but you are the backup guy and expected to be able to fix those
other things.

> He could much more easily
> and reliably make other non-detectable changes to the same critical
> files that would be much more guaranteed to create damage than to hope
> that some day there would be a crash of the system requiring a restore
> of the corrupted pool file.

He doesn't have to 'hope' you need a restore - he can just wipe all the
live copies. Now it's time for you to put back the old working copies.
With the current backuppc scheme of collision detection you could - if
you relied on md5's blindly you couldn't - or you might get an ugly
surprise from the substitute file.

> And if an employee was so skilled to know
> how to manipulate the block architecture and md5sum hash of the backup
> system,

At this point that basically means he knows how to read - but having
smart employees is not something a company should generally avoid.

> then he surely would be talented enough to come up with many
> more serious, evil, and probably less detectable ways of causing
> damage.

But you expect your backups to protect against those things. There
probably would be even more subtle implications where a backup system is
shared by different companies or groups and one could poison the pool
against files they might be delivering to one of the others.

-- 
  Les Mikesell
   lesmikes...@gmail.com
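
The difference discussed in this thread, between a pool that compares file contents when digests match and one that trusts the digest alone, shown as an added example that is not part of the original message and is not BackupPC code. The Pool class, the "<digest>_<n>" key naming and the one-byte truncated MD5 (a constructed stand-in for a hash that can be collided) are assumptions made for illustration.

```python
import hashlib

def weak_digest(data: bytes) -> str:
    # Constructed stand-in for a collidable hash: MD5 cut to one byte,
    # so two different files with the same digest are easy to produce.
    return hashlib.md5(data).hexdigest()[:2]

class Pool:
    """Hypothetical deduplicating pool keyed by digest (not BackupPC code)."""

    def __init__(self, verify_content: bool):
        self.verify_content = verify_content
        self.files = {}  # pool key "<digest>_<n>" -> stored bytes

    def store(self, data: bytes) -> str:
        digest, n = weak_digest(data), 0
        while True:
            key = f"{digest}_{n}"
            existing = self.files.get(key)
            if existing is None:
                self.files[key] = data  # first file in this digest slot
                return key
            if not self.verify_content or existing == data:
                return key  # treated as a duplicate of the pooled file
            n += 1  # same digest, different bytes: keep both copies

    def restore(self, key: str) -> bytes:
        return self.files[key]

def make_twin(target: bytes) -> bytes:
    # Constructed sample input: other content with the same weak digest.
    i = 0
    while True:
        twin = b"substitute file %d" % i
        if twin != target and weak_digest(twin) == weak_digest(target):
            return twin
        i += 1

def restore_is_intact(verify_content: bool) -> bool:
    original = b"critical file, known-good contents"
    pool = Pool(verify_content)
    pool.store(make_twin(original))  # the twin reaches the pool first
    key = pool.store(original)       # later backup of the real file
    return pool.restore(key) == original

if __name__ == "__main__":
    print("digest only:     ", restore_is_intact(False))
    print("digest + compare:", restore_is_intact(True))
```

With the content comparison enabled, the second file lands in its own slot and restores intact; with digest-only matching, the restore returns the substitute file.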