[pve-devel] [RFC container v2 23/25] backup: implement restore for external providers
Fabian Grünbichler
f.gruenbichler at proxmox.com
Fri Sep 13 08:34:37 CEST 2024
> Fiona Ebner <f.ebner at proxmox.com> hat am 12.09.2024 15:56 CEST geschrieben:
> Am 12.09.24 um 14:43 schrieb Fabian Grünbichler:
>
> > also, for both tar and rsync we probably need to think about how to
> > prevent bogus input here (which might be user-creatable if they have
> > write access to the backup storage) from violating our assumptions..
> >
> What assumptions do you mean exactly?
mainly things like symlinks/hardlinks in weird places, wrong looking dir layouts, containing file systems that don't belong (/dev , /proc, ..), stuff like that..
with vzdump backups, we have the reasonable assumption that backup archives are
- well-formed (created by our code)
- put there by an admin with raw storage access (can already do pretty much everything)
with external backups, we don't know who can put what onto the backup storage, there's a lot more that can theoretically be snuck in (also by less-privileged users that have access to the backup storage), so it probably warrants extra caution..
More information about the pve-devel
mailing list