From: Randall Nortman
Subject: Re: [rdiff-backup-users] v0.12.3: Security violation on robust.install_signal_handlers
Date: Sat, 23 Aug 2003 09:10:08 -0500
User-agent: Mutt/1.5.4i

I have done some more investigation on this on my own, and it seems
that using --restrict-read-only on the server side of the connection
will always fail on this call to robust.install_signal_handlers. I
therefore have two questions and an observation:

1) Am I using --restrict-read-only wrong? My intention is to have a
   user account on the machine I wish to back up which is allowed (via
   sudo) to execute rdiff-backup with root permissions so that the
   entire filesystem may be accessed, but I want to restrict this to
   read-only access. I want to initiate the SSH connection from the
   backup machine, and so the machine being backed up ends up as the
   server in this case. (Using --restrict-read-only on the client side
   does me no good; I want to restrict access on the server.)

2) Is there any reason that install_signal_handlers shouldn't be added
   to allowed_requests in Security.set_allowed_requests? It seems
   harmless enough, but I'm reluctant to go tampering with this part
   of the code without fully understanding what I'm doing.

3) It seems to me that robust.install_signal_handlers is being called
   once for each connection in Globals.connections, whereas it really
   only needs to be called once for the life of the process. The doc
   comment for the function says "Install signal handlers on current
   connection", but I don't see any connection-related logic in the
   function; it's just setting the process signal handler. I don't
   think this hurts anything, but calling this more than once is quite
   superfluous. Also, if there are no connections in this list (i.e.,
   local-to-local backup), the signal handler will never be
   installed. I'm not sure if this is the desired behavior or not.

On Thu, Aug 21, 2003 at 07:41:25AM -0500, Randall Nortman wrote:
> I'm running rdiff-backup remotely via ssh, using --restrict-read-only
> for security. The command being run on the remote (source) side is a
> shell script containing only the following command:
> 
> /usr/bin/python2.2 /usr/local/bin/rdiff-backup --server --restrict-read-only /etc
> 
> The command executed on the local (target) side is:
> 
> rdiff-backup --remote-schema 'ssh -C %s /path/to/script' hostname::/etc /path/to/target
> 
> 
> When I try to run a backup, I get this:
> 
> Traceback (most recent call last):
>   File "/usr/local/bin/rdiff-backup", line 24, in ?
>     rdiff_backup.Main.Main(sys.argv[1:])
>   File "/usr/local/lib/python2.2/site-packages/rdiff_backup/Main.py",
>   line 245, in Main
>     misc_setup(rps)
>   File "/usr/local/lib/python2.2/site-packages/rdiff_backup/Main.py",
>   line 211, in misc_setup
>     conn.robust.install_signal_handlers()
>   File
>   "/usr/local/lib/python2.2/site-packages/rdiff_backup/connection.py",
>   line 424, in __call__
>     return apply(self.connection.reval, (self.name,) + args)
>   File
>   "/usr/local/lib/python2.2/site-packages/rdiff_backup/connection.py",
>   line 346, in reval
>     if isinstance(result, Exception): raise result
> rdiff_backup.Security.Violation:
> Warning Security Violation!
> Bad request for function: robust.install_signal_handlers
> with arguments: []
> 
> 
> I was using exactly the same setup (same arguments, etc.) with version
> 0.10.1 without a problem. (I upgraded because I want to preserve
> uid/gid even though the backup user is not root.)
> 
> Am I doing something wrong, or is this a bug?
> 
> Thanks for any help,
> 
> Randall Nortman
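A simplified model of the failure described in this message, added here as an illustration and not taken from rdiff-backup's source: a default-deny server refuses any request name missing from its allowlist, and a small check lists which setup-time requests a given restriction level would refuse. Only `robust.install_signal_handlers` comes from the message; the class, the other request name and the allowlist contents are assumptions.

```python
# Simplified model of an allowlist-gated request server; NOT rdiff-backup's code.
# Only "robust.install_signal_handlers" appears in the message; the registry,
# the second request name and the allowlist contents are constructed.

class Violation(Exception):
    """Raised when a peer asks for a function outside the allowlist."""

def install_signal_handlers():
    # Stand-in for a per-process setup call with no file system effect.
    return "handlers installed"

def list_dir(path):
    # Stand-in for a read-only file system request.
    return "listing of " + path

# Functions the server could run if asked (hypothetical registry).
REGISTRY = {
    "robust.install_signal_handlers": install_signal_handlers,
    "fs.list_dir": list_dir,
}

class RestrictedServer:
    def __init__(self, allowed_requests):
        self.allowed_requests = set(allowed_requests)

    def reval(self, name, *args):
        # Default deny: a name missing from the allowlist is refused,
        # however harmless the function behind it is.
        if name not in self.allowed_requests:
            raise Violation("Bad request for function: %s\nwith arguments: %r"
                            % (name, list(args)))
        return REGISTRY[name](*args)

def refused_setup_requests(server, setup_requests):
    """Return the names of setup-time requests this server would refuse."""
    refused = []
    for name, args in setup_requests:
        try:
            server.reval(name, *args)
        except Violation:
            refused.append(name)
    return refused

# Requests a client sends to every connection during setup (constructed).
SETUP_REQUESTS = [("robust.install_signal_handlers", ()),
                  ("fs.list_dir", ("/etc",))]

read_only = RestrictedServer(allowed_requests=["fs.list_dir"])
print(refused_setup_requests(read_only, SETUP_REQUESTS))
```

Running a check like `refused_setup_requests` against each restriction level catches a setup call that was added to the client without a matching allowlist entry.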