current-users: Re: why use Amanda? (was: FYI: upgrading GNU tar)

Subject: Re: why use Amanda? (was: FYI: upgrading GNU tar)
To: NetBSD-current Discussion List <current-users@netbsd.org>
From: Dan Melomedman <dan%dan.dan@devonit.com>
List: current-users
Date: 10/15/2002 22:45:02

Greg A. Woods wrote:
> This discussion is/was about RMT vs. Amanda for network backups.  No
> other alternatives have been mentioned (outside rsync and rdiff-backup
> which don't really provide their own transport, at least not for
> purposes such as this, but use something like SSH instead).

"afbackup" maybe? Has anybody used this yet?

> > the fact that you could abuse AMANDA to give you any file you want -
> > which is the exploit I was talking about.
> 
> Then you haven't configured your Amanda installation properly.  The
> major security holes related to amrecover were fixed well before 2.4.1.
> NetBSD's pkgsrc modules for Amanda are now at 2.4.2p2, and 2.4.3 was
> recently released.  See the file "docs/SECURITY" in the release.

Whether they were fixed or not isn't as important as much as the presence
of holes at some period in time. The historic record is there, you can't
ignore it. How much money are you willing to bet there won't be any more
holes in AMANDA or any other package with a bad record?

> That's just not possible, especially for something with the requirements
> common to generic backup software, never mind the fact that the general
> assumption by system developers has usually been that the local LAN is
> _not_ a public network.

I can't see why it's not possible. Simple, secure, flexible software is
available right now even at no cost and with source code available. It
has been done, there's nothing special about.  Just because the majority
of software sucks doesn't mean it's impossible.

> > Some day I'll just have had it with it -
> > and simply run software which was _designed_ for/with security in mind.
> > Which excludes AMANDA.
> 
> Amanda was in fact designed with security in mind -- just not the kind
> of security that makes it safe to run it across a public network since
> that wasn't a design requirement.

It wasn't even designed to run securely inside of a LAN - you wouldn't
see holes otherwise.

> > All I'd like to see is a set of tools similar to AMANDA but done right.
> 
> We're all waiting for your detailed technical proposal and prototype
> implementation!  ;-)

I already have beginnings of a  design for it, but I doubt I'll ever
have the time to implement it or even publish it. As I said before the
currently available software is good enough for most people - the
incentive to write something simple and beautiful is just not.