bug-cvs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fwd: Socks support in CVS]

From: Mark D. Baushke
Subject: Re: [Fwd: Socks support in CVS]
Date: Mon, 16 Jun 2003 11:54:48 -0700 
Hi Nicolas,

Nicolas Catania <nicolas.catania@hp.com> writes:

> Folks,
> 
> On the socks version:
> ====================
> True that v5 superseeded v4. Still many companies are still using
> v4. V4 does not precludes v5. Typically environemnt variables and
> config files are used to switch between the 2.

I am given to understand that v4 and v5 really do not interoperate as
such, so I guess it makes sense that users could configure to use one or
the other.

> On the implementation:
> ======================
> There are no free implementation for windows that is really convenient
> (free unlimited licence). Linux and other UN*X system use a runsocks
> program that intercept calls using dynamic library loading order.

I was under the impression that dante was a free socks v4/v5 implementation.

    http://www.inet.no/dante/

However, it may be that a good port for windows does not exist for that
version?

> On the socks v4 non-standard:
> ============================
> Actually socks v4 became a de-facto standard. After its success, NEC
> wanted to make money out of it and published socks v5 with some added
> security. The problem is that lazy firewall administrator did not buy
> it and most of the time sticked with v4. The authorization management
> was something that they were not prepared to deal with.
> 
> I think that support for socks v4 or v5 would give a greater
> flexibility to the cvs client. While SSH is still recommened, I don't
> see why we should prevent people to use socks if they wish to (e.g. to
> checkout open source repositories).
> 
> Bottom line is that I have a wroking socks v4 extension to cvs on my
> harddrive. I could contribute it. If you want it let me know and I'll
> write the documentation for it as well and maybe will write V5 support
> as well. If you do not want it, well... I'll keep it.
> 
> Thanks
> 
> Niko
> 
> PS: You can enable/disable my code using --enble-socks at configuration time.

Hmmm... I have no strong opinions one way or the other on this right now
other than my normal inertia against introducing something that may have
negative security implications. 

Just to be clear, it would just be the client that needs to worry about
getting thru the firewall, right? If so, I do not see a big problem with
adding some kind of socks support in theory. 

Testing it could also be a problem as I personally do not use socks for
anything here. How easy is it to test a socks client?

        -- Mark
reply via email to
[Prev in Thread] Current Thread [Next in Thread]