John Goerzen <jgoerzen < at > complete.org>
wrote the following on Fri, 4 Jun 2004 10:40:08 -0500
Got this bug report at Debian:

----- Forwarded message from Marc Haber <mh+debian-bugs < at > zugschlus.de> -----
From: Marc Haber <mh+debian-bugs < at > zugschlus.de>
Date: Fri, 04 Jun 2004 17:13:17 +0200
Reply-To: Marc Haber <mh+debian-bugs < at > zugschlus.de>, 252654 < at > bugs.debian.org
To: Debian Bug Tracking System <submit < at > bugs.debian.org>
Subject: Bug#252654: rdiff-backup --server gives full discretionary power
...
However, rdiff-backup --server doesn't have any possibility to
restrict the operation. So, I could easily do a rdiff-backup from the
local box to the remote box, overwriting /etc/shadow and other
interesting files with my local versions. The only security I have
against this is the security of the private key which is an issue on
the local system.

There may be an easy answer to this bug at least: See the --restrict*
options.
--
Ben Escoto
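
An added example, not part of the original message and not rdiff-backup's own code: a Python check over an sshd authorized_keys file that flags keys able to reach rdiff-backup --server without any --restrict* option, the situation the bug report describes. It assumes the server is reached through an SSH forced command (command="..."); the sample file, key blobs, paths and status labels are constructed for illustration.

```python
import re
import shlex

# Constructed sample; key blobs, paths and host names are placeholders.
SAMPLE = """\
command="rdiff-backup --server",no-pty ssh-rsa AAAAPLACEHOLDER1 backup@client-a
command="rdiff-backup --server --restrict-update-only /srv/backup/b",no-pty ssh-rsa AAAAPLACEHOLDER2 backup@client-b
ssh-rsa AAAAPLACEHOLDER3 admin@laptop
command="/usr/local/bin/wrapper",no-pty ssh-rsa AAAAPLACEHOLDER4 other@client-c
"""

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")
FORCED = re.compile(r'(?:^|,)command="((?:\\.|[^"\\])*)"', re.IGNORECASE)

def options_field(line):
    """Return the leading options field of an authorized_keys line ('' if none)."""
    if line.startswith(KEY_TYPES):
        return ""
    in_quote, i = False, 0
    while i < len(line):
        if line[i] == "\\" and in_quote:
            i += 1          # skip the escaped character inside a quoted value
        elif line[i] == '"':
            in_quote = not in_quote
        elif line[i] in " \t" and not in_quote:
            break           # first unquoted whitespace ends the options field
        i += 1
    return line[:i]

def classify(line):
    """Classify one key line by what its forced command lets the key holder do."""
    match = FORCED.search(options_field(line))
    if match is None:
        return "no-forced-command"       # key is not pinned to any command
    argv = shlex.split(match.group(1).replace('\\"', '"'))
    if "--server" not in argv or "rdiff-backup" not in argv[0]:
        return "other-command"           # needs a manual look
    if any(arg.startswith("--restrict") for arg in argv):
        return "restricted-server"
    return "unrestricted-server"         # the situation in the bug report

def audit(text):
    """Return (line number, status) for every key line in the file text."""
    return [(n, classify(line.strip()))
            for n, line in enumerate(text.splitlines(), 1)
            if line.strip() and not line.lstrip().startswith("#")]

if __name__ == "__main__":
    for lineno, status in audit(SAMPLE):
        print(lineno, status)
```

Lines reported as unrestricted-server or no-forced-command are the ones where the holder of the private key can write anywhere the server-side account can.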
