[Server-devel] [PATCH] Touch a ".transfer_complete" to mark completion, minor cleanups
Martin Langhoff
martin.langhoff at gmail.com
Tue Jun 17 11:18:27 EDT 2008
On Mon, Jun 16, 2008 at 7:19 PM, Michael Stone <michael at laptop.org> wrote:
> You could probably fix my objection by updating the protocol wiki page
> to discuss this convention.
First it's got to work. Not worthwhile documenting one second before that.
> Does the server only consider backups that
> contain this completion flag? (More generally, how does the server
> select which path it should return to the client?)
If it works, I'll tag incomplete backups, so recovery can pick.
>> Hmmm. Nothing prevents clients from just ssh'ing in and rsyncing to
>> various nested directories to DoS our storage.
>
> Once you've given a login to someone then yes, they can do a lot of
> damage. However, I consider that problem to be orthogonal to the problem
> we were discussing, which was that of people who don't have logins doing
> nasty things.
They do have logins. Orthogonal or not, the interesting problem is
split in (a) attackers, (b) benign clients.
>> Heck, without rssh they get shell, so they can eat up the partition
>> with a quick dd if=/dev/zero of=bla
>
> Quotas? Token-bucketed writes? There's lots of options.
And lots of work. Finite time.
>> If you tell me that our threat scenario is more serious, we are in for
>> a complete change of plans.
>
> Is your threat scenario described anywhere?
I don't think so, but perhaps it's ignorance. What are the prioritised
threat scenarios from your POV as the security guy?
In any case, it doesn't need much sophistry - we have rsync over ssh here.
> P.S. - Another curious thought: world-writable files on my XO will
> remain world-writable on the XS after being rsync'ed up and down, right?
> Presumably that means we need to take some care with the permissions on
> the directory we ask the client to store them in...
Probably means we need to run a chroot for this. Processes outside
(such as apache) need access to these user files.
Ah, yuck.
m
--
martin.langhoff at gmail.com
martin at laptop.org -- School Server Architect
- ask interesting questions
- don't get distracted with shiny stuff - working code first
- http://wiki.laptop.org/go/User:Martinlanghoff
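A server-side check for the two points raised in this thread, added here as an example that is not part of the patch or of the XS code: it picks only backups that carry the `.transfer_complete` marker (skipping interrupted ones) and counts files that arrived world-writable after `rsync -a` preserved the client's modes. The `<base>/<backup-name>/` layout, the `backup-N` names and the sample tree are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread or the XS code base.
# Assumes each client backup lives in <base>/<backup-name>/ and that the
# client touches ".transfer_complete" there when its rsync finishes.

# Print the backup directory under "$1" whose completion marker is newest;
# directories without the marker (interrupted transfers) are ignored.
latest_complete_backup() {
    base="$1"
    best=""
    for d in "$base"/*/; do
        d="${d%/}"
        [ -f "$d/.transfer_complete" ] || continue
        if [ -z "$best" ] || [ "$d/.transfer_complete" -nt "$best/.transfer_complete" ]; then
            best="$d"
        fi
    done
    [ -n "$best" ] && printf '%s\n' "$best"
}

# Count regular files in a backup that are world-writable (mode bit 002),
# i.e. modes rsync carried over from the XO that the server should strip
# before other services (apache etc.) read the tree.
count_world_writable() {
    find "$1" -type f -perm -002 | wc -l | tr -d ' '
}

# Constructed sample tree: backup-1 finished (marker present) and contains one
# world-writable file; backup-2 has data but no marker (rsync died early).
make_sample_tree() {
    base="$(mktemp -d)"
    mkdir -p "$base/backup-1" "$base/backup-2"
    : > "$base/backup-1/.transfer_complete"
    : > "$base/backup-1/notes"
    : > "$base/backup-2/data"
    chmod 0644 "$base/backup-1/.transfer_complete" "$base/backup-2/data"
    chmod 0666 "$base/backup-1/notes"   # the world-writable file from the XO
    printf '%s\n' "$base"
}

# Usage (creates a throwaway tree under $TMPDIR):
#   base=$(make_sample_tree); latest_complete_backup "$base"
#   count_world_writable "$(latest_complete_backup "$base")"
```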