[Boxbackup-dev] bbstoreaccounts minor security enhancements?

Chris Wilson chris at qwirx.com
Tue May 15 11:50:51 BST 2012


Hi Pete,

On Mon, 14 May 2012, Peter Jalajas, GigaLock Backup Services wrote:

> A couple of low priority, minor security related, items.
>
> I was deleting a big account today, and did this:
>  $ sudo bbstoreaccounts delete 0x9999999
>  WARNING: Really delete account 0x99999999? (type 'yes' to confirm)
>
> For a little extra safety, I think it would be very helpful to add the
> account name to that WARNING, like so:
>  $ sudo bbstoreaccounts delete 0x9999999
>  WARNING: Really delete account 0x99999999 (name=ClientName)? (type
> 'yes' to confirm)
>
> Would it be as simple as adding something like:
>  info->GetAccountName() <<

Yes, that should do it.

> While I'm at it, I noticed this line 426:

>    425                 // Just use the rm command to delete the files
>    426                 std::string cmd("rm -rf ");
>    427                 cmd += *d;
>
> 1) Again, as a little extra security, or maybe not, should the
> absolute path for "rm" be used?

I think it does, doesn't it? What does it print out after "Deleting store 
directory"?

> 2) And/or is there any added benefit to offering something like
> "shred"?  Maybe a "shred -fun 1"?  I realize shred is not a panacea
> and has lots of limitations.

Must be plenty of platforms with no shred, and they wouldn't thank me for 
that. Besides the data is supposed to be unreadable to the server 
operator; why would bits of it be useful to an attacker after the account 
had been deleted? Don't think this adds any security.

Cheers, Chris.
-- 
_____ __     _
\  __/ / ,__(_)_  | Chris Wilson <chris+sig at qwirx.com> Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Ruby/Perl/SQL Developer |
\__/_/_/_//_/___/ | We are GNU : free your mind & your software |
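
The absolute-path question in item 1 above, as an added example that is not from the original message or from the Box Backup source: one way to run rm by a fixed absolute path with an explicit argument vector, so there is no $PATH lookup and the directory name is never parsed by a shell. The helper name RemoveTree and the location /bin/rm are assumptions.

```cpp
// Added example, not Box Backup code. Assumes rm is installed at /bin/rm.
#include <cstdio>
#include <cstdlib>
#include <string>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

// Hypothetical helper: delete a directory tree by executing rm directly.
// Returns rm's exit status (127 if /bin/rm could not be executed),
// or -1 if the path is rejected or the child could not be created/reaped.
int RemoveTree(const std::string &dir)
{
    // Accept only absolute paths other than "/", so the target never
    // depends on the current working directory.
    if (dir.empty() || dir[0] != '/' || dir == "/")
        return -1;

    static const char kRm[] = "/bin/rm"; // absolute path: no $PATH search
    char *const args[] = {
        const_cast<char *>("rm"),
        const_cast<char *>("-rf"),
        const_cast<char *>("--"),        // end of options
        const_cast<char *>(dir.c_str()),
        nullptr
    };

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execv(kRm, args); // no shell: spaces or ';' in dir stay literal
        _exit(127);       // reached only if execv failed
    }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main()
{
    char tmpl[] = "/tmp/rmtree-demo.XXXXXX"; // constructed sample directory
    char *d = mkdtemp(tmpl);
    if (d == nullptr)
        return 1;
    std::printf("rm exit status: %d\n", RemoveTree(d));
    return 0;
}
```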


