Re: [Bacula-devel] Client run before security concern

2013-09-10 Thread Josh Fisher
On 9/10/2013 3:43 AM, Steve Lee wrote: Josh "would allow the attacker to restore and steal any backed up file from any and all clients." This scenario can be completely avoided by encrypting the backup volumes on the client. Under normal circumstances, I agree. But in the case of a compro

Re: [Bacula-devel] Client run before security concern

2013-09-10 Thread Steve Lee
_ From: Josh Fisher Sent: 09 September 2013 21:58 To: bacula-devel@lists.sourceforge.net Subject: Re: [Bacula-devel] Client run before security concern On 9/9/2013 3:23 PM, Kern Sibbald wrote: On 09/09/2013 05:22 PM, Steve Lee wrote: I'll definitely take a look at the restricted console

Re: [Bacula-devel] Client run before security concern

2013-09-09 Thread Richard Tector
On 09/09/2013 20:23, Kern Sibbald wrote: > On 09/09/2013 05:22 PM, Steve Lee wrote: >> I'll definitely take a look at the restricted console/ACL capability >> which seems pretty useful. >> I guess it wont help though in the case where the server running the >> director has been compromised and a

Re: [Bacula-devel] Client run before security concern

2013-09-09 Thread Josh Fisher
On 9/9/2013 3:23 PM, Kern Sibbald wrote: On 09/09/2013 05:22 PM, Steve Lee wrote: I'll definitely take a look at the restricted console/ACL capability which seems pretty useful. I guess it wont help though in the case where the server running the director has been compromised and a user can cr

Re: [Bacula-devel] Client run before security concern

2013-09-09 Thread Kern Sibbald
rn Sibbald *Sent:* 09 September 2013 12:29 *To:* Steve Lee *Cc:* Blake Dunlap; bacula-devel@lists.sourceforge.net *Subject:* Re: [Bacula-devel] Client run before security concern Hello, Thanks for using Bacula :-) See my note below ... On 09/09/2013 11:07 AM, Steve Lee wrote: Thanks for the rep

Re: [Bacula-devel] Client run before security concern

2013-09-09 Thread Steve Lee
ctory restriction sounds like the best solution. Thanks again. Steve From: Kern Sibbald Sent: 09 September 2013 12:29 To: Steve Lee Cc: Blake Dunlap; bacula-devel@lists.sourceforge.net Subject: Re: [Bacula-devel] Client run before security concern Hello, Thank

Re: [Bacula-devel] Client run before security concern

2013-09-09 Thread Kern Sibbald
grained as restricted consoles. Best regards, Kern Regards Steve Lee *From:* Blake Dunlap *Sent:* 07 September 2013 00:50 *To:* Kern Sibbald *Cc:* bacula-devel@lists.sourceforge.net *Subject:* Re: [Bacula-devel] Client run

Re: [Bacula-devel] Client run before security concern

2013-09-09 Thread Steve Lee
like command locked ssh is what is needed. Regards Steve Lee From: Blake Dunlap Sent: 07 September 2013 00:50 To: Kern Sibbald Cc: bacula-devel@lists.sourceforge.net Subject: Re: [Bacula-devel] Client run before security concern I could see where this could come

Re: [Bacula-devel] Client run before security concern

2013-09-06 Thread Blake Dunlap
I could see where this could come into play in compliance and mutli-tenant situations. It wouldn't hurt to have access masks on the client side as far as allowed directories and / or functions like run commands, maybe even a way to set the client read-only without explicit client action like turni

Re: [Bacula-devel] Client run before security concern

2013-09-06 Thread Davide Giunchi
Il 06/09/2013 20:18, bacula-devel-requ...@lists.sourceforge.net ha scritto: > I hope bacula's designer will take care of that, because it IS an issue. I think that you missed one important thing about floss projects: if this is an important issue for you, you should develop this feature. Kern say

Re: [Bacula-devel] Client run before security concern

2013-09-06 Thread stefano scotti
2013/9/6, Kern Sibbald : > Hello, > > The only security issue is that a "user" should not have access > to the Bacula Director. Only qualified sys admins should have > such access. > > Best regards, > Kern > > That's not true. There are other security issues related to the fact that TCP bacula s

Re: [Bacula-devel] Client run before security concern

2013-09-06 Thread Jason A. Kates
You really don't have to have bacula run as root on the clients. You can also do RSA authentication. On Fri, 2013-09-06 at 14:26 -0400, Josh Fisher wrote: > On 9/6/2013 10:31 AM, Steve Lee wrote: > > > > > > Hi > > > > My head of security just raised a concern about use of bacula and > > the

Re: [Bacula-devel] Client run before security concern

2013-09-06 Thread Kern Sibbald
Bacula is designed with as much security in mind as I knew/know about. Perhaps you haven't yet had the time to read the manual, but aside from not letting a "user" get access to the Director, you can encrypt all the communications, you can also run the FD in backup only mode, and restart it in rea

Re: [Bacula-devel] Client run before security concern

2013-09-06 Thread Josh Fisher
On 9/6/2013 10:31 AM, Steve Lee wrote: *Hi My head of security just raised a concern about use of bacula and the client-run-before-job feature which allows a user with access to the bacula-director server to run any command as root on any client to which the director is configured to connect

Re: [Bacula-devel] Client run before security concern

2013-09-06 Thread Kern Sibbald
Hello, The only security issue is that a "user" should not have access to the Bacula Director. Only qualified sys admins should have such access. Best regards, Kern On 09/06/2013 04:31 PM, Steve Lee wrote: *Hi My head of security just raised a concern about use of bacula and the client-ru

Re: [Bacula-devel] Client run before security concern

2013-09-06 Thread Blake Dunlap
It's honestly no worse than "restoring" a given file any where with any content from the central point vs the client's request. -Blake On Fri, Sep 6, 2013 at 9:31 AM, Steve Lee wrote: > > *Hi > > My head of security just raised a concern about use of bacula and the > client-run-before-job fe