>>>>> Blair Zajac <[EMAIL PROTECTED]>
>>>>> wrote the following on Sat, 12 Nov 2005 19:41:10 -0800

> Yes, it appears that the problem is that rdiff-backup's data
> directory is 700, which prevents normal users from reading it.
>
> I'm guessing that this is intended? It would be nice for it to
> be 755 by default, to allow non-root users to restore backups
> themselves.
>
> However, from a security point of view, what kind of data are they
> getting access to that they should not have? The actual backup
> files and directories have the same permissions as the original, so
> there's no gained visibility. Is it just potentially a list of the
> files that were backed up? Could the incremental data have the same file
> permissions as the original?
Yes, the 700 on the rdiff-backup-data directory is intentional. The mirror files have their original permissions, so restores from current data are already possible.

Opening up the rdiff-backup-data directory would basically provide access to two additional pieces of information: the mirror_metadata files, and the increments directory. The mirror_metadata files contain information on every file, so we don't want that world-readable. Although increments already have the permissions and ownership of the original files they represent, the structure of the increments directory leaks information.

To correct this, I suppose rdiff-backup should look at an increments directory, and allow access if and only if the user has had access at every time rdiff-backup was run. But this would be a pain, and unix permissions aren't flexible enough to do this anyway.

Finally, the diffs themselves may leak information [long-winded complicated example of this deleted].

-- 
Ben Escoto
_______________________________________________
rdiff-backup-users mailing list at [email protected]
http://lists.nongnu.org/mailman/listinfo/rdiff-backup-users
Wiki URL: http://rdiff-backup.solutionsfirst.com.au/index.php/RdiffBackupWiki
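To make the point of the exchange above concrete, here is an added shell example; it is not code from the rdiff-backup project or from either poster. It audits a backup destination for the setting discussed (rdiff-backup-data kept at mode 700) and lists the entries that mode protects: the mirror_metadata files and the increments tree named in the reply. It assumes only that those two things live directly under rdiff-backup-data; the function names are the example's own, and the mock layout, file names and timestamp it creates are constructed for the demonstration, not taken from a real backup.

```shell
#!/bin/sh
# Added example, not code from the rdiff-backup project or the thread's authors.
# Audits a backup destination for the issue discussed above: rdiff-backup-data
# is expected to stay mode 700, because its mirror_metadata.* files and its
# increments/ tree would otherwise give every local user the complete list of
# backed-up paths and the directory structure of each run.

# Return 0 if $1/rdiff-backup-data has no group/other permission bits, 1 if it
# does, 2 if the directory is missing. Works with GNU and BSD stat.
audit_rdiff_data_dir() {
    data="$1/rdiff-backup-data"
    if [ ! -d "$data" ]; then
        echo "no rdiff-backup-data directory under $1" >&2
        return 2
    fi
    mode=$(stat -c '%a' "$data" 2>/dev/null || stat -f '%Lp' "$data")
    mode=$(printf '%s' "$mode" | sed 's/^.*\(...\)$/\1/')  # last three octal digits
    group=$(printf '%s' "$mode" | cut -c2)
    other=$(printf '%s' "$mode" | cut -c3)
    if [ "$group" != 0 ] || [ "$other" != 0 ]; then
        echo "WARNING: $data is mode $mode, expected 700"
        return 1
    fi
    echo "OK: $data is mode $mode"
    return 0
}

# Print what a user with read access to rdiff-backup-data would learn: every
# mirror_metadata.* file (a full per-run file list) and every path under
# increments/ (the per-run directory structure).
exposed_paths() {
    data="$1/rdiff-backup-data"
    find "$data" -name 'mirror_metadata.*' -o -path "$data/increments/*"
}

# Build a constructed, minimal rdiff-backup-data layout under $1 with mode $2.
# The file names and timestamp are made up for the demonstration; this is not
# a real backup.
make_mock_dest() {
    dest="$1"
    mkdir -p "$dest/rdiff-backup-data/increments/home/alice"
    : > "$dest/rdiff-backup-data/mirror_metadata.2005-11-12T19-41-10.snapshot.gz"
    : > "$dest/rdiff-backup-data/increments/home/alice/notes.txt.2005-11-12T19-41-10.diff.gz"
    chmod "$2" "$dest/rdiff-backup-data"
}

# Stand-alone demonstration: one destination left at 700 and one opened to 755.
demo=$(mktemp -d)
make_mock_dest "$demo/locked" 700
make_mock_dest "$demo/open" 755
audit_rdiff_data_dir "$demo/locked" || true
audit_rdiff_data_dir "$demo/open" || true
echo "Paths visible to every local user on the 755 destination:"
exposed_paths "$demo/open"
rm -rf "$demo"
```

Run against a real destination with `audit_rdiff_data_dir /path/to/backup`; a non-zero return flags a data directory that has drifted from 700 (for example after a recursive chmod), and `exposed_paths` shows exactly which file names and per-run directory structure that drift would reveal, which is the information the reply above describes as leaking.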
