[Box Backup-dev] COMMIT r348 - in box/chris/bb-save-state: . bin/bbackupd lib/common lib/server

[Charles Lecklider]

Chris Wilson wrote:
> Hi Ben,
> 
>>>  And are some windows changes still pending?
>>
>> I don't think so, unless anyone wants to fix Charles' list of Win32
>> issues before the release candidate.
> 
> I will try, but I'm hopelessly lost with the Named Pipe ACLs. I can't
> believe that Microsoft (a) made CreateNamedPipe insecure by default, (b)
> did not document that fact, and (c) did not provide a simple, obvious
> way or instructions to implement the most obvious security policy, which
> is of course full access to the owner, no access to anyone else.

But in this case, that wouldn't work. Box runs as a service, and by
default the user is LocalSystem. So, only LocalSystem would be able to
connect, and that's not much use....

For now I think an ACL containing just LocalSystem and the
Administrators local group would do the trick.


In future the whole architecture needs changing to suit the way Windows
works. Sounds very dramatic, but I don't think it need be at all - it's
more of a conceptual change than a massive code hack. For example, if
Box ran as Local Service, a small stub pipe client could be scheduled to
run the backup (or on demand, or on login to remain until logout) as a
particular user. Box would call ImpersonateNamedPipeClient and run a
snapshot of that user's files. This is perhaps 50 lines of code in total
- hardly a huge change.

It also has the benefit of allowing the keys to be stored in the user's
certificate store. A little more work and a user-specific configuration
could be stored in e.g. the Local Settings directory in the user's profile.

At that point, Box works nicely with Active Directory and roaming profiles.


I have code to do about 90% of the above, and the rest is really just
glue. However, the small matter of future licensing plans needs to be
resolved before I can add code from my standard libraries....

-C