[Box Backup] OT?: Softlink vulnerabilities in tar and rsync

Chris Wilson chris at qwirx.com
Mon May 30 14:25:01 BST 2011


Hi Achim,

On Mon, 30 May 2011, Achim J. Latz wrote:

> I know that Box Backup is not using rsync per se, but could some of the 
> experts please evaluate how the recent vulnerabilities in tar and rsync 
> (see below) could affect BB's modified algorithm?

Thanks for the notification. As far as I can tell:

* bbackupd performs no permissions checks at all; it's not a security 
enforcement system;

* only the user who runs bbackupd should be able to access the files that 
it backs up, and the encryption key required to decrypt them;

* if a normal user causes root to back up files that are only readable by 
root, then that user will still not have access to them in the backup 
store;

* a normal user might under some circumstances (restoring group-writable 
directories) be able to manipulate files while bbackupquery is restoring 
them, and cause bbackupquery to overwrite important files that way; we 
could fix that by creating files with mode 0700 and resetting them to the 
correct mode later;

* symbolic links are backed up as such, not followed, unless a backup 
location points directly to one.

Cheers, Chris.
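
Added example, not part of the message above and not Box Backup code: one way to implement the mitigation suggested in the fourth point (create the restored file owner-only, reset it to the correct mode afterwards) in C. The names restore_file and demo are hypothetical, and the paths and data in demo are constructed.

```c
/* Added example, not Box Backup code: create owner-only, set real mode last. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* restore_file is a hypothetical helper. Returns 0 on success, -1 on error. */
int restore_file(const char *path, const char *data, size_t len, mode_t final_mode)
{
    /* O_CREAT|O_EXCL fails with EEXIST if anything, even a planted symlink,
     * already sits at path; O_NOFOLLOW is a second guard. 0700 is the
     * owner-only creation mode suggested in the message. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0700);
    if (fd < 0) return -1;
    while (len > 0) {
        ssize_t n = write(fd, data, len);
        if (n < 0 && errno == EINTR) continue;
        if (n < 0) break;
        data += n;
        len -= (size_t)n;
    }
    /* fchmod works on the descriptor, not the path, so swapping the path
     * after creation cannot redirect the mode change to another file. */
    int rc = (len == 0 && fchmod(fd, final_mode) == 0) ? 0 : -1;
    return close(fd) == 0 ? rc : -1;
}

/* Constructed scenario: one restore onto a pre-existing symlink, one clean.
 * Returns 0 when the first is refused and the second ends with mode 0640. */
int demo(void)
{
    char dir[] = "/tmp/restore-demo-XXXXXX", good[64], trap[64];
    struct stat st;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(good, sizeof good, "%s/good", dir);
    snprintf(trap, sizeof trap, "%s/trap", dir);
    if (symlink(good, trap) != 0)      /* link already present at the target */
        return -1;
    if (restore_file(trap, "x", 1, 0640) == 0 || errno != EEXIST)
        return 1;                      /* the symlink must be refused */
    if (restore_file(good, "data\n", 5, 0640) != 0 || stat(good, &st) != 0)
        return 2;
    return ((st.st_mode & 07777) == 0640 && st.st_size == 5) ? 0 : 3;
}
```

Until fchmod runs, group members cannot open the file for writing even in a group-writable directory, because the creation mode grants access to the owner only.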


