secure remote backups

Ben Escoto
Mon, 17 Dec 2001 14:01:21 -0800

>>>>> "MW" == mike wolman <>
>>>>> wrote the following on Mon, 17 Dec 2001 14:27:34 +0000 (GMT)

  MW> /usr/local/bin/rdiff-backup -v6 --remote-schema "ssh -C %s
  MW> '/home/backupuser/'" \
  MW> /home/backups/machinename

  MW> When run as root on the backup server I am able to preserve user
  MW> and group ownership for all files.

  MW> Please let me know if I have left a major security hole open here,

This strikes me as being pretty safe (and something that I would do)
but does seem to introduce some risks.  You are probably aware, but I
will list:

1.  If someone compromises root@backup_server, apparently it is now
    easy for them to log into as mike, and delete
    all of mike's files.  (But perhaps it was this way before

2.  If someone compromises root@backup_server, they can run the
    rdiff-backup server as, and get it to
    read/erase arbitrary files on

3.  If someone compromises, they can also run
    the rdiff-backup server as, and if they
    know what they are doing, they can get root access on that

4.  If someone compromises, they can rewrite
    the rdiff-backup server there, and try to hack the client (running
    as root@backup_server when it connects) to get root access at

Ben Escoto