From 694efcf00c75c27c451cba27b23c1cd30caf5f59 Mon Sep 17 00:00:00 2001 From: Andrew Engelbrecht Date: Mon, 12 Sep 2022 22:32:21 -0400 Subject: [PATCH] move up security warning, give warning emoji --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index e331526..f4a6ceb 100644 --- a/README.md +++ b/README.md @@ -72,6 +72,12 @@ When you're done, type `^C` or run `fusermount -u ~/mount/` ## Design / Security +⚠️ **Security limitation:** The remote client backed up via Kaya runs the +restic command, so it has control over setting time stamp metadata for new +backups. If malicious time stamps are set by the client, and you then prune +your backups, legitimate backups you want to keep may be automatically removed, +leaving illegitimate ones. + The main reasons for using restic is that it is easy to deploy, even on older systems, and it offers the rest-server mode for interaction. @@ -111,12 +117,6 @@ The rest-server's `--append-only` mode is meant to prevent infected machines from deleting their own past backups. Target machines are still able to push new backups, and to read archived data. -**Security limitation:** The remote client backed up via Kaya runs the restic -command, so it has control over setting time stamp metadata for new backups. If -malicious time stamps are set by the client, and you then prune your backups, -legitimate backups you want to keep may be automatically removed, leaving -illegitimate ones. - ## Contributing If you'd like to contribute to Kaya, feel free to open an issue or pull -- 2.25.1