From f114544b4683d09e892720c3f4b438d816d88e59 Mon Sep 17 00:00:00 2001 From: Orsiris de Jong Date: Mon, 15 Jan 2024 01:23:16 +0100 Subject: [PATCH] Update SECURITY.md --- SECURITY.md | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 5603855..2c61479 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,3 +1,4 @@ +# Retired since v2.3.0, replaced by NPF-SEC-00007 # NPF-SEC-00001: SECURITY-ADMIN-BACKUP-PASSWORD ONLY AVAILABLE ON PRIVATE COMPILED BUILDS In gui.config we have a function that allows to show unencrypted values of the yaml config file @@ -7,6 +8,7 @@ While this is practical, it should never be allowed on non compiled builds or wi All these commands are run with npbackup held privileges. In order to avoid a potential attack, the config file has to be world readable only. +We need to document this, and perhaps add a line in installer script # NPF-SEC-00003: Avoid password command divulgation @@ -22,4 +24,18 @@ This will prevent local backups, so we need to think of a better zero knowledge # NPF-SEC-00005: Viewer mode can bypass permissions Since viewer mode requires actual knowledge of repo URI and repo password, there's no need to manage local permissions. -Viewer mode permissions are set to "restore". \ No newline at end of file +Viewer mode permissions are set to "restore". + +# NPF-SEC-00006: Never inject permissions if some are already present + +Since v2.3.0, we insert permissions directly into the encrypted repo URI. +Hence, update permissions should only happen in two cases: +- CLI: Recreate repo_uri entry and add permission field from YAML file +- GUI: Enter permission password to update permissions + +# NPF-SEC-00007: Encrypted data needs to be protected + +Since encryption is symmetric, we need to protect our sensible data. +Best ways: +- Compile with alternative aes-key +- Use --aes-key with alternative aes-key which is protected by system \ No newline at end of file
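Review bot: In the first hunk (@@ -1,3 +1,4 @@), the retirement notice is added as its own `#` heading above the NPF-SEC-00001 heading, so it renders as a separate top-level section instead of as a status of the entry it retires. Put it directly under the NPF-SEC-00001 title, or append it to the title, so a reader cannot attach it to the wrong entry. NPF-SEC-00001 is about the gui.config function that shows unencrypted values of the yaml config file, while NPF-SEC-00007 as added in this patch only covers the aes-key. If 00007 really replaces it, add a sentence there saying what happens to that function since v2.3.0.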
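Review bot: In the second hunk (@@ -7,6 +8,7 @@), the added line "We need to document this, and perhaps add a line in installer script" is an open TODO in a security document, and "this" rests on the sentence just above it, which is ambiguous. "The config file has to be world readable only" can be read as saying everyone should be able to read the file. Since the commands run with npbackup held privileges, the requirement is presumably that other users cannot write to it. State the intended owner and permissions explicitly, and either describe what the installer does or move the open item to an issue and reference it here.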
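Review bot: In the third hunk (@@ -22,4 +24,18 @@), the NPF-SEC-00007 bullet "Use --aes-key with alternative aes-key which is protected by system" does not say what "protected by system" means or whether --aes-key takes the key itself or a path to a file holding it. If it takes the key on the command line, that sits badly with NPF-SEC-00003 in the same file, so spell out the expected form and the protection (file ownership and mode, or another mechanism). In the same entry "sensible data" should read "sensitive data". In NPF-SEC-00006 the title says never to inject permissions if some are already present, but the body only lists the two cases where an update is allowed. Add a line stating what happens when permissions already exist in the encrypted repo URI and neither case applies. The file still ends without a trailing newline.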