info-cvs


Re: ANN: cvssh - secure ext-to-pserver bridge


From: David A. Desrosiers
Subject: Re: ANN: cvssh - secure ext-to-pserver bridge
Date: Thu, 21 Feb 2002 18:44:19 -0800 (PST)

> There have been lots of descriptions of how to do this posted to this
> list in the past.  I suggest you research groups.google.com and/or
> www.geocrawler.com.

        Descriptions, with absolutely no working solution. Do you get the
full depth of a book by reading just the 'Foreword'? I have seen these
various methods, and they are garbage. All of the tunneling, ssh'ing,
wrapping, chrooting scripts which do nothing but open yet more holes in an
already secure system. No thanks.

> You might also find suggestions about how to do anonymous read-only SSH
> access to CVS in some NetBSD-related forums -- NetBSD has such a
> service running now for their source repo.

        I know how to do anonymous read-only ssh, and it actually involves
nothing other than SSH itself (well, and sshd). NetBSD's implementation uses
a wrapper, which.. ta-da, is exploitable, since you can break through it by
killing the child process during the fork. It's been explained in many tomes
before, do not fork off children if you intend your application to be
secure.

> Note that regardless of how you provide anonymous read-only access it
> should undoubtably be done on a separate machine with a separate copy of
> the repository.  Do not trust mixed anonymous read-only access and
> commit access to the same files!

        And how, pray tell, do you get those files sync'd back to the main
repository? Or are you suggesting forking the entire project each time
there's a commit? Sort of ruins the whole purpose of cvs, doesn't it?



/d




