On Fri, Oct 24, 2008 at 7:59 AM, Gene Heskett <[EMAIL PROTECTED]> wrote:
>> Amanda accept a hostname "localhost" that is coming over the network? If
>> this is possible, shouldn't this be fixed? I think not the possibility to
>> configure it is the security hole itself.
>
> I don't know & will let Dustin or Jean-Louis answer that. I haven't ever
> tried it myself.

Sorry to contradict you, Gene, but using 'localhost' in .amandahosts is no more a security hole than using BSD* auth in general.

When Amanda accepts a connection, it performs a reverse-DNS translation of that hostname (getnameinfo), and then forward-translates that name to be sure it matches (check_host_give_sockaddr). This happens in common-src/security-util.c.

So if another machine connects from, say, 132.17.28.228, and has spoofed the reverse DNS for that IP to translate to "localhost.localdomain", then the server will map the IP to the name, then try to map "localhost.localdomain" back to that IP. As long as the server is correctly configured to map "localhost.localdomain" to "127.0.0.1", the server will reject the connection.

There are some security problems with BSD-based authentication, as it relies on the network layer to provide correct return IP addresses. This is better with TCP than with UDP, since TCP connections are harder to spoof, but man-in-the-middle attacks are still possible. In general, if you're using BSD* authentication, your servers should be protected from the open internet.

We already have SSH authentication, but that's not always easy to set up because it requires usernames and home directories. I'd like to add SSL authentication using certificates, but at present there's no spare developer time to work on that. Anyone interested? :)

Dustin

--
Storage Software Engineer
http://www.zmanda.com
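
Added example, not part of the original message and not Amanda's code: a model of the reverse-then-forward hostname check described in the message above, with DNS replaced by constructed lookup tables so it runs offline. The names fcrdns_check, struct rec, ptr_zone, good_fwd and bad_fwd are hypothetical; the 132.17.28.228 case is the one from the message, and bad_fwd models a server whose forward mapping for "localhost.localdomain" is not configured correctly.

```c
#include <stdio.h>
#include <string.h>

struct rec { const char *key; const char *val; };

/* Constructed reverse (PTR) data; whoever owns 132.17.28.228 controls its PTR. */
static const struct rec ptr_zone[] = {
    { "132.17.28.228", "localhost.localdomain" },   /* spoofed PTR */
    { "127.0.0.1",     "localhost.localdomain" },
    { "192.0.2.10",    "client.example.com" },
    { NULL, NULL }
};
/* Constructed forward data as a correctly configured server resolves it. */
static const struct rec good_fwd[] = {
    { "localhost.localdomain", "127.0.0.1" },
    { "client.example.com",    "192.0.2.10" },
    { NULL, NULL }
};
/* Constructed misconfiguration: the forward answer points back at the peer. */
static const struct rec bad_fwd[] = {
    { "localhost.localdomain", "132.17.28.228" },
    { NULL, NULL }
};

/* Return the confirmed hostname for peer_ip, or NULL to reject the peer. */
const char *fcrdns_check(const struct rec *fwd, const char *peer_ip)
{
    const char *name = NULL;
    for (const struct rec *r = ptr_zone; r->key != NULL; r++)  /* reverse step */
        if (strcmp(r->key, peer_ip) == 0) { name = r->val; break; }
    if (name == NULL)
        return NULL;                    /* no PTR record: nothing to confirm */
    for (; fwd->key != NULL; fwd++)     /* forward step: any address may match */
        if (strcmp(fwd->key, name) == 0 && strcmp(fwd->val, peer_ip) == 0)
            return name;
    return NULL;                        /* name does not map back to the peer */
}

int main(void)
{
    const char *peers[] = { "132.17.28.228", "127.0.0.1", "192.0.2.10", "198.51.100.7" };
    for (size_t i = 0; i < sizeof peers / sizeof peers[0]; i++) {
        const char *n = fcrdns_check(good_fwd, peers[i]);
        printf("%-15s -> %s\n", peers[i], n ? n : "rejected");
    }
    printf("132.17.28.228 with bad forward zone -> %s\n",
           fcrdns_check(bad_fwd, "132.17.28.228") ? "accepted" : "rejected");
    return 0;
}
```

With the correct forward zone the spoofed peer is rejected; only the misconfigured forward zone lets it through, which is why the server's own resolution of "localhost.localdomain" matters.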