[Box Backup] FreeBSD Security Officer's take on Box Backup

James O'Gorman boxbackup@fluffy.co.uk
Sun, 7 Jan 2007 15:35:54 +0000


I just stumbled upon one of Colin Percival's (the current FreeBSD SO)
older blog entries regarding backups, and apparently he was recommended
Box Backup. Here's what he said:

> The third popular suggestion I received was Box Backup. The
> "Programmers(sic) Notes" included are a bit difficult to understand;
> it sounds like boxbackup does use some very complicated magic with its
> "encrypted rsync" to allow some old bits of files to be removed, but
> I'm not sure if this includes intermediate versions of backed-up files
> or only the versions which are the oldest at the time. The latter
> possibility is fine if you only really care about having a backup of
> the most recent version of everything, but it's not useful if you want
> (as I do) lots of recent backups but far less frequent older backups.
> Box Backup also leaks more information than I'm comfortable with; it
> allows the 0wner of the system on which the backups are being stored
> to identify
> 
>     * The structure of the directory tree,
>     * The number of files in each directory,
>     * Approximately how large each file is, and
>     * Which files have been modified.
> 
> I'm probably far more paranoid about such things than most people; but
> I would not want an attacker to say "hey, Colin just updated
> /lib/libcrypto.so.4 on his server; there must be a new OpenSSL
> security vulnerability"; even worse, if I used Box Backup, such an
> attacker could likely figure out which files I had recently modified
> in /usr/src in order to narrow down his search for whatever
> unannounced bug I had just patched.

Is it just me or has he completely misunderstood how Box works? Anyone
care to correct him? :-)

James