On Thu, Feb 05, 2009 at 08:20:45AM -0500, Andrew Ferguson wrote: > On Feb 5, 2009, at 8:13 AM, Dominic wrote: >> The ones I think most interesting are first whether new repositories can >> be created (logically yes, but does it work?), and second >> --check-destination-dir (and automatic fixing of a previous failed >> backup). Logically --check-destination-dir should work because the action >> that rdiff-backup takes in this case is not a security risk (it is only >> undoing a backup that has failed, and a malicious user cannot use it to >> remove valid backups), but as it involves deleting data on the server >> --restrict-update-only might prevent it. I guess the best way to find out >> for sure is to create a failed backup and try it... > > Automatically repairing a failed backup will fail if you have > --restrict-update-only for exactly the reason Dominic describes. I have > thought this one through yet, but perhaps over the course of multiple > backup sessions, a malicious user could construct a source to fail in a bad > way when the repository tries to repair itself. > > An administrator paranoid and involved enough to be using > --restrict-update-only is assumed to be vigilant enough to pay attention > when rdiff-backup has failed (since it will error and backtrace) and > manually intervene to repair the repository. > Exactly, I will notice if I'm getting any errors from rdiff-backup and will go and investigate.
> > Regarding first creating new repositories, yes, I think that too will be > blocked. There was some discussion a few years ago about this: > http://savannah.nongnu.org/bugs/?16897 ... I don't remember what was > resolved. I suppose we could add os.mkdir() to the safe list. > It's not a big issue for me, if/when I set up new clients and/or new hierarchies to back up I'm quite happy to do some manual backups or remove the --restrict-update-only from teh destination temporarily. -- Chris Green _______________________________________________ rdiff-backup-users mailing list at [email protected] http://lists.nongnu.org/mailman/listinfo/rdiff-backup-users Wiki URL: http://rdiff-backup.solutionsfirst.com.au/index.php/RdiffBackupWiki
