Open smerschjohann opened 8 years ago
Thanks, I'll try to merge this into ssh_filter_btrbk.sh as soon as I find some time.
This was not a high priority for me, as no root access is needed for raw targets (try setting ssh_user <myuser>), and I still consider it experimental (mainly because you don't get any error messages if the btrfs send stream is corrupt, which happened to me in the past).
Is this still followed up?
Though I think, things would be much more restrictive... especially find (-delete) and dd (arbitrary if and/or of) could be used to cause great harm.
I start looking into this (in addition to some more general overhaul) myself.... won't promise anything... but if someone should start work on this soon... it would perhaps be worth coordinating.
Note that for raw targets, there is no requirement to ssh as root. This makes the support in ssh_filter_btrbk much less important, as access control can be managed via correct user permissions.
Yes, that's clear, but still, in practice user login is often similar to root due to security holes (take alone the "monthly" privilege escalation found in kernel user namespaces 😉)
I couldn't find a filtered ssh shell for backup on a remote server as raw files. I made a script for that: