From owner-freebsd-security Sun Oct 21 18:28:27 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail.wlcg.com (mail.wlcg.com [198.92.199.5]) by hub.freebsd.org (Postfix) with ESMTP id 9D0BA37B405 for ; Sun, 21 Oct 2001 18:28:23 -0700 (PDT) Received: (from root@localhost) by mail.wlcg.com (8.11.6/8.11.6) id f9M1SNu22240; Sun, 21 Oct 2001 21:28:23 -0400 (EDT) (envelope-from rsimmons@wlcg.com) Received: from localhost (rsimmons@localhost) by mail.wlcg.com (8.11.6/8.11.6) with ESMTP id f9M1SMr22233; Sun, 21 Oct 2001 21:28:22 -0400 (EDT) (envelope-from rsimmons@wlcg.com) X-Authentication-Warning: mail.wlcg.com: rsimmons owned process doing -bs Date: Sun, 21 Oct 2001 21:28:18 -0400 (EDT) From: Rob Simmons To: Hassan Halta Cc: freebsd-security@freebsd.org Subject: Re: using dump for backups. In-Reply-To: <20011020231659.H77421-100000@quark.cs.earlham.edu> Message-ID: <20011021211141.E7102-100000@mail.wlcg.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by AMaViS perl-10 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Using dump locally to a tape, or other device is safe. Using rdump and enabling rsh on a remote machine to dump to a device on that machine can be unsafe due to rsh, not dump itself. If you need to dump to a remote device, you can use ssh to make it safer. You can also look into using Amanda, which can use Kerberos to make the remote dumps safer as well. Amanda can use tar as well. As far as Amanda is concerned, dump and tar are interchangeable. Also, unfortunately the port for Amanda in the ports collection does not have options for Kerberos. You will need to look at the configure options to Amanda, and extract the proper configure switches, and add them yourself to CONFIGURE_ARGS (of course, after adding MAKE_KERBEROS4=yes to your make.conf). As far as I know, Amanda only works with krb4, not krb5 yet. I could be wrong. Robert Simmons Systems Administrator http://www.wlcg.com/ On Sat, 20 Oct 2001, Hassan Halta wrote: > Hi all, > > I was thinking of using dump/restore way to backup files on the system. I > heard sometime ago that FreeBSD dump was insecure. So, I am wondering if > this is still the case, and how insecure it is, or what the fixes for it? > I would like to know more about it if possible, > > Thanks a lot, > > Hassan > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE703Y2v8Bofna59hYRAyw7AKC9pbK095BRUUn+Scv7co5DXCI6awCcCot0 tpLnAyKAkx5sWuFc92iC9i0= =64an -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message