On Mon, Jun 16, 2008 at 7:19 PM, Michael Stone <[EMAIL PROTECTED]> wrote:
> You could probably fix my objection by updating the protocol wiki page
> to discuss this convention.

First it's got to work. Not worthwhile documenting one second before that.

> Does the server only consider backups that
> contain this completion flag? (More generally, how does the server
> select which path it should return to the client?)

If it works, I'll tag incomplete backups, so recovery can pick.

>> Hmmm. Nothing prevents clients from just ssh'ing in and rsyncing to
>> various nested directories to DoS our storage.
>
> Once you've given a login to someone then yes, they can do a lot of
> damage. However, I consider that problem to be orthogonal to the problem
> we were discussing, which was that of people who don't have logins doing
> nasty things.

They do have logins. Orthogonal or not, the interesting problem is
split in (a) attackers, (b) benign clients.

>> Heck, without rssh they get shell, so they can eat up the partition
>> with a quick dd if=/dev/zero of=bla
>
> Quotas? Token-bucketed writes? There's lots of options.

And lots of work. Finite time.

>> If you tell me that our threat scenario is more serious, we are in for
>> a complete change of plans.
>
> Is your threat scenario described anywhere?

I don't think so, but perhaps it's ignorance. What are the prioritised
threat scenarios from your POV as the security guy?

In any case, it doesn't need much sophistry - we have rsync over ssh here.

> P.S. - Another curious thought: world-writable files on my XO will
> remain world-writable on the XS after being rsync'ed up and down, right?
> Presumably that means we need to take some care with the permissions on
> the directory we ask the client to store them in...

Probably means we need to run a chroot for this. Processes outside
(such as apache) need access to these user files. Ah, yuck.

m
--
 [EMAIL PROTECTED]
 [EMAIL PROTECTED] -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff
_______________________________________________
Server-devel mailing list
[email protected]
http://lists.laptop.org/listinfo/server-devel
