kellow@ndcheg.cheg.nd.edu (John Kellow) (02/03/90)
Several months ago I posted a message about using a public domain program called macdump to do automated backups of a mac hard disk to a Unix host. The replies to my posting confirmed what I thought, the program works but it lacks security (when your mac is running the dump server essentially anyone on the unix host can issue the dump command and make a complete copy of your hard disk). I also received several replies from people saying "this program is just what I need, where can I get it." So I think a fair number of people are interested in such a program. Recently, I've seen some postings on a security hole in NCSA Telnet where anyone can ftp to your mac if ftp is left enabled. Whether this is a bug or a feature is debatable. Personally, I think this needs to be emphasized more in the telnet documentation because I just assumed (and I think a lot of other people did too) that only the person running the telnet session could start an ftp session to his mac. This got me to thinking - since telnet acts as an ftp server, and since it already has support for a password file, how difficult would it be to add a 'dump' command. Then you could just use plain old ftp on the unix side to retrieve the dump image for backup. This would solve the security problem. Before you go home at night, you'd just start up telnet. Then sometime in the middle of the night the unix host could just run ftp, log in with the right password, and retrieve the full or incremental dump. Does this sound like a good idea? How hard would this be to implement? Is anyone from NCSA listening? I'd really like to hear some comments on this. John Kellow kellow@ndcheg.cheg.nd.edu