Re: [rdiff-backup-users] restrict option

[Ben Escoto]

>>>>> Åke Brännström <address@hidden>
>>>>> wrote the following on Thu, 15 Jan 2004 11:32:53 +0100

> I have been trying out rdiff-backup 0.12.16 and it looks really nice. I 
> do, however, have some problems using the --restrict option which I 
> don't fully comprehend.
> 
> The setup I'm using is that I let the client initiate the connection to 
> the backup server. I've put command="rdiff-backup --server --restrict 
> /home/archive/ake/" in authorized_keys2. Then the following happens:
> 
> $ rdiff-backup test backup-server::/home/archive/ake/
> [...]
> Warning Security Violation!
> Request to handle path /home/archive/ake/rdiff-backup-data
> which doesn't appear to be within restrict path /home/archive/ake/.

The basic --restrict option should work---is it possible it doesn't
like your trailing '/' on '/home/archive/ake/'?  It could be a silly
bug like that.

> The second problem I have is that I can restore files from outside the 
> restricted path. For example,
> 
> $ rdiff-backup --restrict /home/archive/ake/ -r now 
> backup-server:test-backup/file1 test/file1
> 
> works although /home/archive/test-backup is clearly not within restrict 
> path /home/archive/ake/.

Ouch, this is more serious.  Can you verify that the server is really
being run with the proper --restrict option?  Adding a --restrict
option to the client doesn't do anything (the idea being that an
attacker wouldn't be so polite as to make sure he typed that in).  You
can though use the --remote-schema option, as in:

rdiff-backup --remote-schema 'ssh %s rdiff-backup --server --restrict
/home/archive/ake' -r now backup-server:test-backup/file1 test/file1


-- 
Ben Escoto