[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ANN: cvssh - secure ext-to-pserver bridge

From: David A. Desrosiers
Subject: Re: ANN: cvssh - secure ext-to-pserver bridge
Date: Thu, 21 Feb 2002 18:59:36 GMT
User-agent: Pan/0.11.2 (Unix)

> Duh.  If you're doing authentication and authorisation on a unix-based
> file server then you MUST, _M_U_S_T_ use a unique system account for
> ever real-world user or else you might as well not use any
> authentication whatsoever.  Pserver has NO accountability from the
> system's point of view.  None whatsoever.  Don't use pserver.  Ever.

        Except in the cases where using pserver is actually _MORE_ secure
than giving users a valid unix account on your server. I could very well
trust my developers, and give them shell accounts, but I can _NOT_ trust
their machines, their network, their personal accountability when they 
are 9,000 miles from my location. I have developers all over the world
using my services, all with pserver, because the "risk" (which there is
none) is completely negligable. The risk of giving out hundreds and 
thousands of unix accounts, however.. is _HUGE_. No thanks, pserver is 
much, much, much more secure for my needs, and the needs of my developers
in this instance. 

        Also, giving a user a shell, even chrooted, or blocked from the 
ability to log in, consumes much more process and resources on the box, 
and definately scales linearly, and is open to much more exploitable 
holes than what pserver provides. The risk of sniffing the password is
nil using pserver, since obtaining it gives the "cracker" exactly 
nothing. Are they going to commit code on our behalf? Unlikely. 
Delete a tag? We can roll back out. It's all negligable. 
        pserver with strong host-based controls on the open port, using
ACLs provided by cvs, and proper directory and system-level security is
_MUCH_ more secure than opening up a huge, authenticated, valid hole in 
your production machine by handing out ssh accounts. For distributed
project development tasks that are being done on the servers, pserver 
exceeds. Yes, it's not ideal, but it's better than the other alternatives
I've seen and personally walked right through like water. 

        Just my 0.02c.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]