[OpenAFS] [OpenAFS-announce] OpenAFS Security Releases 1.8.2, 1.6.23 available --> butc & backup security update question

Benjamin Kaduk kaduk@mit.edu
Thu, 13 Sep 2018 11:56:16 -0500


On Thu, Sep 13, 2018 at 04:05:34PM +0000, Mark Vitale wrote:
> 
> Giovanni,
> 
> > On Sep 13, 2018, at 3:12 AM, Giovanni Bracco <giovanni.bracco@enea.it> wrote:
> 
> > I have read about the butc & backup security update.
> > 
> > We run daily the AFS backup and I would like to understand if I need just to update the backup server with the new butc/backup modules or I need also to update all our file servers in order to match the new security improvements connected to backup.
> 
> Your question seems to be mostly concerned with securing your backups,
> so I'll answer that specific question first.
> If we just consider the OpenAFS backup system in isolation,
> I'm pretty sure you do not need to make changes to your fileservers
> in order to pick up the butc security fixes. (Ben, please chime in if
> you disagree).
> I believe you only _need_ to update butc, but of course it's good
> practice for all the backup system components to have the same version:

You need an updated backup(8) to talk to the updated butc, but I think that
Giovanni had this in mind already.

-Ben