Subject: Re: why use Amanda? (was: FYI: upgrading GNU tar)
To: NetBSD-current Discussion List <current-users@netbsd.org>
From: Dan Melomedman <dan%dan.dan@devonit.com>
List: current-users
Date: 10/15/2002 12:41:00

Greg A. Woods wrote:
> > That is if you trust everybody on your LAN. There have been holes in
> > AMANDA.
> 
> If you don't trust everyone on your LAN then you can't use rmt either so

I never said RMT was better. My point is .*hosts type authentication and
the fact that you could abuse AMANDA to give you any file you want -
which is the exploit I was talking about.

> can make your DNS, NTP, and many other administrative functions a lot
> more secure that way too, all the while not impacting network
> performance for user use in a high-demand environment.  That's what I
> always do when I don't trust all other hosts on the "public" LAN 101%,
> and usually backups are only a secondary concern -- it's the other

It's a good idea, however the software should be secure in the first
place to disallow exploits from the public LAN such that creating
private LANs is not necessary. Some day I'll just have had it with it -
and simply run software which was _designed_ for/with security in mind.
Which excludes AMANDA.

> I've been watching and musing at (usually with great amusement) the
> variety of unix backup tools and schemes and their claims for nearly
> twenty years now and I assure you there's no way you'll ever get all
> three of your wishes to come true, at least not until the time comes
> when your options for backup media and devices are essentially
> restricted to those fast and reliable enough that you really don't need
> the same kind of flexibility you originally set out to find.  Simplicity
> and flexibility in this sector just cannot go together, especially if
> you really need comprehensive site-wide support.  The only true
> simplicity for site-wide backup comes from having centralised secondary
> storage (SAN, net-FS, etc.) with proprietary backup tools, and that by
> definition throws flexibility right out the door.  Pick two -- any two
> -- but just two (or one :-).

All I'd like to see is a set of tools similar to AMANDA but done right.
Essentially what AMANDA offers now but easy to parse and write
configuration files, the server should be archiver and compressor
agnostic, and designed with security built-in such that no user outside
of a server/client can subvert either; such that no logged-in users
can exploit the box just because this software runs on it.

Is it really so impossible? I am sure an expert with enough drive to
write a backup suite done right instead of just "it's good enough for
me" would have it easy.