WDef
Group: Members
Posts: 798
Joined: Sep. 2005
Posted: Sep. 16 2005, 08:47
The backup/restore process is one of dsl's most useful features. Robert's work on dsl is awe inspiring. That said, here are some ideas:
Currently in dsl-1.5 using "protect", the backup/restore script filetool.sh temporarily writes backup.tar.gz to the backup device in plaintext before encrypting and after decrypting. This means an attacker gaining control of the backup device might recover all or part of the unencrypted tarball using appropriate tools.
Also, if an incorrect password is entered twice at the prompts during boot time, decryption fails but the incorrect password nevertheless remains stored in /etc/sysconfig/des. On subsequently backing up, or just rebooting with the default powerdown.sh, the non-restored system gets backed up and encrypted with the incorrect password, replacing the needed backup.des.
I've hacked the scripts slightly to try fixes for these issues. Named pipes are used to communicate between des and tar, thus avoiding writing plaintext temp files to the backup medium, and /etc/sysconfig/des gets deleted if decryption fails.
You can test these, strictly AYOR. For convenience I packaged the altered scripts as an extension - note this must be put on your mydsl drive and autoloaded *during* boot (NOT after). Download (right-click, "save as") here; the md5sum is c83ce8296f5812dc78b04cf701e5912c (check it).
These are unofficial experiments, don't use to backup/restore critical data. Behavior differs from that of the standard scripts. Make copies of your backup tarballs beforehand.
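As an added illustration (not WDef's extension and not the DSL filetool.sh code), here is a POSIX shell sketch of the two changes described above: tar and the cipher talk through a named pipe so no plaintext tarball touches the backup device, and the cached password file is removed when decryption fails. It assumes openssl as a stand-in for the des tool, the passphrase in the BACKUP_PASS environment variable, and an optional third argument naming the cached password file (defaulting to /etc/sysconfig/des).

```shell
# Added example, not from the original post or the DSL scripts.
# Assumption: openssl stands in for "des"; BACKUP_PASS carries the passphrase.
: "${ENC_CMD:=openssl enc -aes-256-cbc -pbkdf2 -pass env:BACKUP_PASS}"
: "${DEC_CMD:=openssl enc -d -aes-256-cbc -pbkdf2 -pass env:BACKUP_PASS}"

# fifo_backup SRC_DIR DEST_FILE
# tar+gzip SRC_DIR into a FIFO; the cipher reads the FIFO and writes only
# ciphertext to DEST_FILE, so the backup device never sees backup.tar.gz.
fifo_backup() {
    src=$1; dest=$2
    fifo=$(mktemp -u /tmp/bk.XXXXXX)   # FIFO lives in RAM-backed /tmp, not on the device
    mkfifo -m 600 "$fifo" || return 1
    tar -C "$src" -czf "$fifo" . &     # plaintext goes into the pipe only
    tarpid=$!
    $ENC_CMD < "$fifo" > "$dest"
    rc=$?
    wait "$tarpid" || rc=1             # a tar failure must also fail the backup
    rm -f "$fifo"
    return $rc
}

# fifo_restore SRC_FILE DEST_DIR [PWFILE]
# decrypt into a FIFO that tar extracts from; if decryption or extraction
# fails, delete the cached password so a later backup is not encrypted
# with the wrong key (the second issue raised above).
fifo_restore() {
    src=$1; dest=$2; pwfile=${3:-/etc/sysconfig/des}
    fifo=$(mktemp -u /tmp/rs.XXXXXX)
    mkfifo -m 600 "$fifo" || return 1
    tar -C "$dest" -xzf "$fifo" &
    tarpid=$!
    $DEC_CMD < "$src" > "$fifo"
    rc=$?
    wait "$tarpid" || rc=1
    rm -f "$fifo"
    if [ "$rc" -ne 0 ]; then
        rm -f "$pwfile"                # wrong password: do not keep it around
    fi
    return $rc
}
```

Run `fifo_backup /path/to/src /mnt/backupdev/backup.enc` and `fifo_restore /mnt/backupdev/backup.enc /` as root; only the ciphertext file is ever created on the backup device.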