netinvent/npbackup
1
1
Fork 0
mirror of https://github.com/netinvent/npbackup.git synced 2024-09-20 14:56:14 +08:00
Code Issues Packages Projects Releases Wiki Activity

Create SECURITY.md

Browse source
This commit is contained in:
Orsiris de Jong 2023-05-03 18:50:25 +02:00
parent 90c43ff8cd
commit bc9a4721cf
1 changed files with 19 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
SECURITY.md Normal file
View file

@ -0,0 +1,19 @@
# NPF-SEC-00001: SECURITY-ADMIN-BACKUP-PASSWORD ONLY AVAILABLE ON PRIVATE COMPILED BUILDS
In gui.config we have a function that allows to show unencrypted values of the yaml config file
While this is practical, it should never be allowed on non compiled builds or with the default backup admin password
# NPF-SEC-00002: pre & post execution as well as password commands can be a security risk
All these commands are run with npbackup held privileges.
In order to avoid a potential attack, the config file has to be world readable only.
# NPF-SEC-00003: Avoid password command divulgation
Password command is encrypted in order to avoid it's divulgation if config file is world readable.
# NPF-SEC-00004: Client should never know the repo password
Partially covered with password_command feature.
We should have a central password server that holds repo passwords, so password is never actually stored in config.
This will prevent local backups, so we need to think of a better zero knowledge strategy here.