Hi mates,

Have been doing some checks with Bacula and TLS. 

At present I have a TLS Enable directive, require TLS set to yes, and the CA certificate public key (of our own CA) copied to the server and the client.

Now I become an attacker, and if I create a new client certificate with the same CN as the one presently used in bacula-fd, and configure bacula-fd to use this falsified certificate of the falsified CA whose public key is used in the CA cert file directive of the bacula-fd, you can’t do a status client from the server (director). This seems to be fine, because it seems that, as we are not using a known CA (like GeoTrust, Thawte or similar) and each party is not using a certificate signed by the CA whose public key they have in their config, the fd and the dir refuse to agree, basically to arrange a TLS connection.

So now… my question is then: when is it required to use TLS Verify Peer in the director and the fd? When someone could use a certificate from Thawte, for example? Then can you use TLS Allowed CN even in this situation to avoid the use of these Thawte certs in some way? But how? The CN could be the same as that of the “good” certificate.

What’s the real purpose of verify peer and TLS Allowed CN?

Now, by the way… the main reason I needed TLS to work fine is just to avoid an ARP poisoning attack that makes Bacula store or restore injected data in a backup. How could this be done, noticing that anyone could create a Thawte certificate, for instance, for the client, and even if you have TLS Allowed CN set to the CN of the client, as the cert is valid, this damage could be caused, couldn’t it?

Thanks a lot really,


------------------------------------------------------------------------------
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users