New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"compromised client" threat model #8193
Comments
ThomasWaldmann
changed the title
[QUESTION] compromised client threat model
"compromised client" threat model
Apr 22, 2024
AFAIK:
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Have you checked borgbackup docs, FAQ, and open GitHub issues?
Yes, I've read hosting repositories, protecting against a hacked backup client, and the attack model pages.
Is this a BUG / ISSUE report or a QUESTION?
Question
System information. For client/server mode post info for both machines.
(not relevant)
Full borg commandline that lead to the problem (leave away excludes and passwords)
(not relevant)
Describe
the problem you're observingyour question.Hello! First of all, thanks for the excellent work! I have a few questions that I was not able to find nailed down in the docs, or in an issues here on github. I'm sorry if this is covered elsewhere (and if it has, I'd like to get it referenced in the FAQ to cut down on this kind of noise question in the future).
I'm considering a case where I have one machine (the borg client) that might be subject to an "evil maid attack". I have another machine (the borg backup server) that I'm assuming is totally secure. I'm planning on running
borg serve --append-only --restrict-to-repository /mnt/somewhere/for/client
via socat, as described in backing up in pull mode.I have a few questions:
borg serve
to "go rogue" and (say, e.g.) execute arbitrary commands on the backup server? I.e., would you consider this a security vulnerability worth a CVE?borg mount
does anything worse than serve malicious/corrupt files? E.g., could a malicious client cause a subsequentborg
command on that dataset to become compromised? (I'm assuming this would be considered a security vulnerability worth a CVE?)The text was updated successfully, but these errors were encountered: