Merge pull request #5773 from ThomasWaldmann/attack-or-unsafe-docs-master

docs: add unsafe workaround to use an old repo copy, fixes #5722
2021-04-19 20:23:27 +02:00 · 2021-04-19 20:23:27 +02:00 · a9b1e1fe56
parent 04915c4175 06c6e7e79c
commit a9b1e1fe56
1 changed files with 25 additions and 0 deletions
--- a/docs/faq.rst
+++ b/docs/faq.rst
@ -93,6 +93,31 @@ Also, you must not run borg against multiple instances of the same repo

 See also: :ref:`faq_corrupt_repo`

+"this is either an attack or unsafe" warning
+--------------------------------------------
+
+About the warning:
+
+  Cache, or information obtained from the security directory is newer than
+  repository - this is either an attack or unsafe (multiple repos with same ID)
+
+"unsafe": If not following the advice from the previous section, you can easily
+run into this by yourself by restoring an older copy of your repository.
+
+"attack": maybe an attacker has replaced your repo by an older copy, trying to
+trick you into AES counter reuse, trying to break your repo encryption.
+
+If you'ld decide to ignore this and accept unsafe operation for this repository,
+you could delete the manifest-timestamp and the local cache:
+
+::
+
+  borg config repo id   # shows the REPO_ID
+  rm ~/.config/borg/REPO_ID/manifest-timestamp
+  borg delete --cache-only REPO
+
+This is an unsafe and unsupported way to use borg, you have been warned.
+
 Which file types, attributes, etc. are *not* preserved?
 -------------------------------------------------------