Date: Thu, 8 Mar 2001 20:36:32 -0800 From: "Crist J. Clark" <cjclark@reflexnet.net> To: Mike Tancsa <mike@sentex.net> Cc: freebsd-security@FreeBSD.ORG Subject: Re: "write only" fs/files ? Message-ID: <20010308203632.Q1367@cjc-desktop.users.reflexcom.com> In-Reply-To: <5.0.2.1.0.20010308130831.03074aa0@marble.sentex.ca>; from mike@sentex.net on Thu, Mar 08, 2001 at 01:21:01PM -0500 References: <5.0.2.1.0.20010308130831.03074aa0@marble.sentex.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Mar 08, 2001 at 01:21:01PM -0500, Mike Tancsa wrote: [snip] > One additional feature that would be nice to have would be to provide one > way backups somehow. i.e. the client machine dumps its data to the backup > server either into a dump file or tar file or sync'd file system via > rsync. But, for security purposes, it would be nice to somehow mark that > data once uploaded as being inaccessible to the client machine. This way > if their box gets compromised after the backup, they dont have access to > the data before it gets offloaded to tape. Figure out how to have the files created with the uappnd flag set or set uchg immediately after they finish a dump. Run the backup server at elevated securelevel. -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010308203632.Q1367>