info-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: New update to the CVS ACL patch to support user groups


From: Mark
Subject: RE: New update to the CVS ACL patch to support user groups
Date: Wed, 25 Jul 2001 06:49:14 -0700 (PDT)

--- "Greg A. Woods" <address@hidden> wrote:
> Unfortunately CVSpserver is totally insecure.  It offers absolutely no
> secure accountabilty (which allows redirection of blame), provides no
> real network security (it's just a plain clear-text TCP connection), and
> worst of all it affords no protection whatsoever from a dedicated
> attacker since CVS itself is not internally secure.  CVS was not
> designed and implemented to be run in the "pserver" style of operation
> and be made responsible for authentication and authorisation as well as
> auditing -- it was designed and implemented only to be run by users
> authorised and authenticated by the underlying operating system.
> CVSpserver should be ripped out of CVS and left behind as a futile
> failed experiment.  There was never any real reason for it in the first
> place (just short-sightedness), and there's even less reason for it now
> in a day when secure external network acess protocols such as SSH are
> widely implemented.

We have CVS pserver runing as a non-root user. The pserver cvs binary has
update and checkin .prog disabled in server.c (client binary has to have it
enabled to work properly). I had the UNIX admin add one line to services file
and one line to inetd.conf and then the SA washes his hands of the CVS stuff. I
maintain the CVS passwd file and reader/writer files.

Without root access (or as limited root assistance as possible), can you
explain the set up CVS client/server using SSH that has/addresses the
following:
    - prevents all users from any type of write acces to the CVS repostory file
structure (they may or may not have there sand boxes on the server machine)
    - does not require users to have accounts on the server machine
    - provides repository level write access controls (simlar to
readers/writers)
    - does not require mucking with UNIX groups for access control (ie. if
user1 with write access to repo1 repo2 and if user2 with write access to repo2
repo4)
    - allows all users read access to all repositories
    - dealing with checkin and update .prog (if necessary)

Greg, you are very persistant about security and using SSH (or similar) with
CVS (particuarly pserver). Seeing the number and frequency of your postings
(particular posts from others that open the door to your anti-pserver crusade),
I was wondering if you would have the time to help those less experienced or
knowledgeable than yourself, educate and provide alternatives, rather than
continually post that CVS is not secure and to use SSH (or similar).

Maybe a simple "How to setup a SSH equivalent for pserver" text document is all
that is needed to help people migrate from pserver to SSH. Since you say there
isn't any real reason for pserver to exist, if there is anyone on this list
that might have the desire/drive/knowledge/experience to write up such a
how-to, I think it would be you.

I think after each anti-pserver rant, it would not be considered so much of a
rant if you provided guidance to the alternative you are suggesting. Having
such a how-to text document would make things much easier for you and more
pleasent for the people you are responding to.

Mark

__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/



reply via email to

[Prev in Thread] Current Thread [Next in Thread]