Les Mikesell wrote at about 10:02:34 -0500 on Thursday, June 4, 2009: > Jeffrey J. Kosowsky wrote: > > > > As I proved in my earlier post, the chance of a collision on even a > > Petabyte sized pool is about 1 in 10^38. > > Note that we've all gotten used to trusting tcp crcs for error detection > and it's probably much weaker. > > However, it would still be disturbing to realize that your backup > integrity could be compromised by anyone with access to the files. > Consider a scenario where a disgruntled employee who still has access to > files first prepares the 'evil twin' file with the hack to force an md5 > value and puts it somewhere that the backup system will find it. Later > he makes the matching alteration to critical files in a way that doesn't > break normal use. Then he waits for any backups of the unaltered data > to expire, then destroys the working copies and leaves. > > Assuming it's your job to restore a working copy, what happens next?
I would assume that if such a "disgruntled" employee has *write* access to critical files, then surreptitiously modifying a few backup copies would be the least of your worries. He could much more easily and reliably make other non-detectable changes to the same critical files that would be much more guaranteed to create damage than to hope that some day there would be a crash of the system requiring a restore of the corrupted pool file. And if an employee was so skilled to know how to manipulate the block architecture and md5sum hash of the backup system, then he surely would be talented enough to come up with many more serious, evil, and probably less detectable ways of causing damage. ------------------------------------------------------------------------------ OpenSolaris 2009.06 is a cutting edge operating system for enterprises looking to deploy the next generation of Solaris that includes the latest innovations from Sun and the OpenSource community. Download a copy and enjoy capabilities such as Networking, Storage and Virtualization. Go to: http://p.sf.net/sfu/opensolaris-get _______________________________________________ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List: https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki: http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/