info-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Linux security issues as they pertain to CVS


From: Larry Jones
Subject: Re: Linux security issues as they pertain to CVS
Date: Fri, 25 May 2001 10:50:43 -0400 (EDT)

Ralph Mack writes:
> 
> Now it seems to me that when looking at a program I have to ask "What
> actions can this program perform in a setuid() environment?" 

The problem is that that question is generally unanswerable.  CVS is a
big program that, if you follow the general advice for setting up
pserver, runs as root.  The intent is that it only runs as root long
enough to authenticate the user and then uses setuid() to run as the
user for the rest of the time so that all of the actions that you expect
it to perform will be performed as the user.  However, it is extremely
difficult to prove that it isn't possible to trick it into doing
something unexpected while it's running as root, and there are lots of
known ways to trick it into running code as someone else, even root. 
The most obvious of those is to add or modify a $CVSROOT/CVSROOT/passwd
that maps a user with a known password to another user, but there are
lots of more subtle ways, too.

That said, I agree with your main point that one has to determine the
appropriate level of risk.  When running on a mostly-trusted, reasonably
secure intranet, pserver is no more risky than rsh, and probably a lot
easier to set up than ssh.

-Larry Jones

I suppose if I had two X chromosomes, I'd feel hostile too. -- Calvin



reply via email to

[Prev in Thread] Current Thread [Next in Thread]