kellow@ndcheg.cheg.nd.edu (John Kellow) (11/13/89)
I've been playing around with the macdump program that lets you dump a mac hard disk to a unix host. It seems to work pretty well. Is anyone using this on a regular basis - if so I'd like to hear from you about any problems or comments that you may have. I don't want to rely on it until I know its reliable. One thing I'm concerned about is security. What prevents an unauthorized person from doing a dump of your mac? Even if you restrict access to the macdump program, I don't see why someone couldn't just get a copy of the program themselves and compile it. Otherwise it seems like a nice idea. John Kellow kellow@ndcheg.cheg.nd.edu
jeff@eniac.seas.upenn.edu (Jeffrey M White) (11/14/89)
In article <929@ndcheg.cheg.nd.edu> kellow@ndcheg.cheg.nd.edu (John Kellow) writes: > >I've been playing around with the macdump program that lets you dump a >mac hard disk to a unix host. It seems to work pretty well. Is >anyone using this on a regular basis - if so I'd like to hear from you >about any problems or comments that you may have. I don't want to >rely on it until I know its reliable. One thing I'm concerned about is >security. What prevents an unauthorized person from doing a dump of your >mac? Even if you restrict access to the macdump program, I don't see >why someone couldn't just get a copy of the program themselves and >compile it. Otherwise it seems like a nice idea. > >John Kellow >kellow@ndcheg.cheg.nd.edu I've been using it regularly on 3 Mac's for a good 2 months now. In general it works as described. I do a full backup on the Mac's once a week and an incremental every other day, so I haven't needed to play around with the max number of sessions at once, copying the files off to tape, etc. The biggest problem I have with it is that it requires you to dump the ENTIRE volume, and since most of our systems have 40 or 80 Mbytes drives, that's ridiculous. I would VERY MUCH like a version that allowed you to specify which folders/files you want to backup (or not backup), maybe a Redux-type backup criteria. This could either be from the Unix side, or else something on the Mac (either separate application or included in setup for Dumper rdev), so that when the unix system issues a general 'macdump' command, it reads whatever the user on the Mac has setup. In lieu of this, what I have done it partitioned the users' disks. On the 40 Meg systems, I think I created 7-10 Meg user partions (either with their name or a generic "UserFiles", and just instructed the users to place all their data files in that partition. As this was done at the time the Mac's were being first installed, it wasn't a problem. I had communcations with another macdump user who wanted to add existing users to the macdumptab file, but ran into the problem of them having 40-60 Mbytes on their disks already. I guess in this case it would depend upon how your administration is. On our system, the backups go into the user's own directory. If they have the quota space to support an 80 Meg backup, then I guess let thme do it. But if it is a service that you are provided, I would just say, "This what you have to do to use our backup program (partition disk). If you don't like it, then do your own backups." Of course, you should make it sound a little niceer than that! I never thought about the security implications, mainly because we don't have many if nay people (especially students) that know about the Mac stuff we have installed on our system. There doesn't seem to be much security in this version. Even requiring the program to run as root (and then making the executable 700) would be a big improvement. However, the creator would probably have to create a new version of the Mac rdev as well, one that would only speak with the version of the Unix program, which included the security enhancements. I think that macdump does offer a lot of potential. The only question is whether the original author or someone new would want to make some of the suggested changes to make it a truly great program. Jeff White University of Pennsylvania jeff@eniac.ses.upenn.edu
jeff@eniac.seas.upenn.edu (Jeffrey M White) (11/14/89)
In article <6041.8911131514@crete.cs.glasgow.ac.uk> inei@cs.glasgow.ac.UK (Nick Nei) writes: >John Kellow writes: > >====================================================================== >I've been playing around with the macdump program that lets you dump a >mac hard disk to a unix host. It seems to work pretty well. Is >anyone using this on a regular basis - if so I'd like to hear from you >about any problems or comments that you may have. I don't want to >rely on it until I know its reliable. One thing I'm concerned about is >security. What prevents an unauthorized person from doing a dump of your >mac? Even if you restrict access to the macdump program, I don't see >why someone couldn't just get a copy of the program themselves and >compile it. Otherwise it seems like a nice idea. >====================================================================== > >I've had to modify the source code so that only the user can dump >his/her own disc, except superuser. > That's an obvious solution, but the problem still remains if the source code for the program is available from any of the public domain sites. A user only has to obtain his own original version of the code and then compile it himself. I think the real solution, as I said in another posting, is to create a "version 2" of the Mac cdev that will only communicate with a "version 2" of the unix macdump program, with this new version having security restrictions (such as having to run suid root) that are required. Jeff White jeff@eniac.seas.upenn.edu