From owner-freebsd-security Mon Sep 27 14:21:20 1999
From: "Rodney W. Grimes"
Message-Id: <199909272111.OAA13248@gndrsh.dnsmgr.net>
Subject: Re: dump(8) Insecurity/Misconfiguration
In-Reply-To: <199909272103.PAA12558@mt.sri.com> from Nate Williams at "Sep 27, 1999 03:03:41 pm"
To: nate@mt.sri.com (Nate Williams)
Date: Mon, 27 Sep 1999 14:11:52 -0700 (PDT)
Cc: cjclark@home.com, Cy.Schubert@uumail.gov.bc.ca (Cy Schubert - ITSD Open Systems Group), dillon@apollo.backplane.com (Matthew Dillon), freebsd-security@FreeBSD.ORG

> > > [
> > > Rod asserts that using SSH for backups is a revenue-generating task, and
> > > as such violates the 'free' use of the SSH license.
> > > ]
> > >
> > > > I'll bet you dollars to a dog turd that the SSH licensor considers this
> > > > a licensable situation.
> > >
> > > I've got the dog turd, so the bet is on.
> >
> > Okay. Who do I call or email??
>
> www.datafellows.com
>
> However, realize that ignorance is somewhat bliss here, so don't go off
> sicking DataFellows on a bunch of unsuspecting people because of the way
> you define what backups are.

I'm pretty good at playing a stupid luser who just wants to know if he
can do this or not... :-)

>
> > > However, $2K/seat is a lot of money for an ISP to charge for something as
> > > trivial as backups, especially when minimum cost is $4K (one for the
> > > tape server, and one for the remote client).
> >
> > Hummmm.... twice what a reasonable capacity tape drive is a bit much!!
> > But it is much less than some of the backup solutions we have done for
> > clients, with DLT robots and such.
> >
> > > It's simply not worth it, IMO.
> >
> > It could be worth it, if License violations were at concerned the
> > normal allowable damages would far exceed the $4K.
> >
> > The real simple solution for this person is to simply go use amanda,
> > that is how we eliminated this whole issue!
>
> Amanda doesn't solve the security issue. :(

I beg to differ, it goes a long ways to fixing the security problems
that rdump/rsh introduce. It uses its own daemon with its own
.amandahosts file with its own protocol. It can easily be filtered
at borders, and you can't use the username to even log in if things
are done correctly. IMHO, it is more secure than a dump run over ssh,
unless you also needed the connection encrypted, which could be hacked
into amanda easy enough.

-- 
Rod Grimes - KD7CAX - (RWG25)    rgrimes@gndrsh.dnsmgr.net