> On Sep 14, 2022, at 2:46 PM, Cris Perdue <[email protected]> wrote:
>
> Hi David,
>
> Your plan looks quite good to me, especially given that you prefer to only
> permit authorized mirroring, not just anyone who chooses to set up a mirror.
>
> My one small suggestion would be to check that mirror servers can run rsync
> like this:
>
> $ rsync -e ssh -a [email protected]: /var/www/cn.metamath.org/
>
> -- in other words, omitting the path to the source area to be mirrored.
That's a new syntax for me, but sure, we can try it.
> https://dev-notes.eu/2015/06/secure-rsync-between-servers/ indicates that
> this should work (OK, they add a trailing "/"),
Interesting. I note that they do the same thing - the mirrors initiate the
rsyncs (not the other way around).
> and you really don't want the mirrors to even be able to copy over other
> parts of your source filesystem, so the
> full source path ought to be ignored if given.
I agree that mirrors shouldn't have access to everything on the server.
That said, leaking the name of the path is okay. The configuration is publicly
visible after all.
The overall goal is to minimize privilege to make an attacker's job harder.
That also makes my life easier; if the system isn't 0wned, then I don't have to
spend my time fixing it :-). Determined & clever attackers can get into all
sorts of systems, but if we make it a pain, the attackers are likely to attack
a different system that's more valuable to them.
--- David A. Wheeler
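One way to get the least-privilege arrangement the thread describes (mirrors pull over ssh, but the server account can only serve the mirrored tree) is a forced command in the server's authorized_keys. The script below is an added example, not part of the thread or the Metamath project's configuration; it assumes rsync's rrsync helper lives at /usr/bin/rrsync (the path varies by distribution), an OpenSSH new enough to understand the `restrict` option, and a naming convention in which mirror keys carry a comment ending in "@mirror".

```shell
#!/bin/sh
# Added example (not from the thread): build a pull-only authorized_keys
# entry for a mirror and audit an existing file for mirror keys that grant
# more than that.  rrsync confines the rsync server to one directory, so the
# client-side source path is irrelevant; "restrict" turns off pty, port and
# agent forwarding, X11 and user rc files for that key.

RRSYNC=/usr/bin/rrsync            # assumption: location of the rrsync helper
SRC_DIR=/var/www/cn.metamath.org  # path taken from the rsync command above

# Print one authorized_keys line pinning the key to read-only rsync of
# $SRC_DIR.  $1 = key type, $2 = base64 key blob, $3 = key comment.
mirror_key_line() {
  printf 'command="%s -ro %s",restrict %s %s %s\n' \
    "$RRSYNC" "$SRC_DIR" "$1" "$2" "$3"
}

# Audit: read an authorized_keys file on stdin and print the comment of
# every key marked as a mirror key that lacks a forced command or the
# "restrict" option.  Prints nothing when every mirror key is locked down.
audit_mirror_keys() {
  awk '
    $NF ~ /@mirror$/ {
      bad = 0
      if ($0 !~ /command="[^"]+"/) bad = 1
      if ($0 !~ /(^|,)restrict(,| )/) bad = 1
      if (bad) print $NF
    }'
}

# Constructed sample file: an admin key, one hardened mirror entry and one
# mirror entry that was pasted in without any restrictions.
SAMPLE='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKey000000000000000000000 root@admin
command="/usr/bin/rrsync -ro /var/www/cn.metamath.org",restrict ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKey111111111111111111111 cn@mirror
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKey222222222222222222222 us@mirror'

# Running the audit over the sample reports only the unrestricted key.
printf '%s\n' "$SAMPLE" | audit_mirror_keys
```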