| 1 |
On Thu, 25 Feb 2010 17:41:13 +0200, Alan McKinnon wrote: |
| 2 |
|
| 3 |
> And someone gets into your backup server, BANG! instant pwnage of every |
| 4 |
> single machine on your network. Heck, you don't even have to try and |
| 5 |
> compromise the local root account, you already have full unfettered |
| 6 |
> access to everything anyway. |
| 7 |
|
| 8 |
Which is why you don't allow access to the backup server from outside of |
| 9 |
the network, and restrict root access from inside. Because backups are |
| 10 |
initiated from the server, it doesn't actually need any ports open to do |
| 11 |
its job, although a web server is needed to run the user interface |
| 12 |
(which isn't necessary). The ebuild sets up a separate instance of |
| 13 |
Apache just for this, so even if you are already running Apache on the |
| 14 |
backup server (which is a crazy idea to start with) compromising that |
| 15 |
won't get you into the backups. |
| 16 |
|
| 17 |
> Worse, I'll bet the server software runs |
| 18 |
> as an unpriviledged user, so you can just bypass the bit where you have |
| 19 |
> to compromise root there as well. |
| 20 |
|
| 21 |
You lose :P |
| 22 |
|
| 23 |
The server runs as a restricted user, with no login shell. |
| 24 |
|
| 25 |
|
| 26 |
-- |
| 27 |
Neil Bothwick |
| 28 |
|
| 29 |
WinErr 042: Virus error - A virus has been activated in a dos-box. The |
| 30 |
virus, however, requires Windows. All tasks will automatically be closed |
| 31 |
and the virus will be activated again. |
Archives