On 11/2/21 10:14, Felix Wolters wrote:
Jeff,
I appreciate your detailled discussion of the topic, and I consider your
arguments to be strong.
But this …
Finally, while the sudoer code I shared in my previous note was just
aimed at restricting the sudoer power to rsync with specific flags,
I'm pretty sure that it could be easily expanded to
also limit access to only certain files/directories but just extending
the sudoer line to add the paths desired, thereby further restricting
the reach of the sudo command allowed.
seems to be the critical point to me. Have your tried that? (I haven’t
yet; a quick search at least doesn’t show up manifestations of this
approach.)
At the end of the day, with rrsync, you are still allowing root
access to ssh and that just doesn't feel right.
Well … any time you administrate a remote machine, you gain root access
over ssh to it, so this alone is a danger we use to deal with. On the
other hand, with the rsync-via-sudoers approach – don’t we open rsync to
the full system, so basically an attacker on the currupted server would
be able to basically rsync the whole machine to himself? So, at the end
of the day, aren’t we trading a potential security vulnerability
(rrsync) with a heavy real one (rsync via sudoers)?
It seems that both approaches are adding some security, some of that
security is overlapping, and some is unique to each approach. If you
really want to protect as much as possible, why not use both? Have a
non-root user call sudo which calls rrsync....
Based on my minimal understanding that rrsync is simply a script which
checks the arguments given to the real rsync before calling it.
PPS, also keep in mind that avoiding sudo avoids security complications
in sudo, as avoiding rrsync avoids potential security bugs in rrsync
(eg, the ability to exploit argument processing to get remote code
execution) both of which might have been protected with plain rsync and
ssh alone.
Just my 0.02c....
_______________________________________________
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: https://github.com/backuppc/backuppc/wiki
Project: https://backuppc.github.io/backuppc/
