bug-cvs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: CVS Security Issues

From: Walter, Jan
Subject: RE: CVS Security Issues
Date: Fri, 19 Dec 2003 18:04:42 +0100 
Jim, all,

I'll take on a point below:

> -----Original Message-----
> From: Jim.Hyslop [mailto:Jim.Hyslop@Leitch.com]
> Sent: Friday, December 19, 2003 5:19 PM
> To: 'CVS-II Discussion Mailing List'; 'CVS-II Bugs Mailing List'
> Subject: RE: CVS Security Issues

[stuff deleted...]

> > I.e. please do not pretend you can gain anything by 
> pretending to make
> > the CVSROOT/passwd file harder to mess with.
> That's a good point - as Bruce Schneier, author of "Applied 
> Cryptography"
> and a computer security expert, is fond of saying: Security 
> is only as good
> as its weakest link. For pserver, access to the passwd file is not the
> weakest link by any means. Moving the file to a different 
> location will not
> significantly improve its inherent insecurity.
[more stuff deleted ...]

The only reason to put the passwords somewhere else is to prevent someone
from accidentally checking it out and accidentally changing or deleting
someone elses' password and checking the file back in. It's a support issue,
not a security one, whether the user intended to change their password or
someone elses' is another question entirely. But I think there is a 'gain'
here by keeping the passwd file somewhere else where some git can't wipe all
the users by accident and bring development to a grinding halt.

That's my opinion. 

On security, you have two types of security anyways: 1) protection against
malicious people and 2) protection for your data from accidental damage,
deletion, or whatever ("protecting users from themselves"). CVS is part of
category 2, obviously with the support of backup systems and so on. Pserver
figures into category 2 because you prevent the users from accidentally
working in the actual repository and doing stuff like deleting directories.
The keyword here is accidental - either because of ignorance or because one
was not thinking about what directory someone happened to be in. I would
also argue category 2 is (still) responsible for most data loss in the world
today.

Your opinion?

Seasons greetings,

Mr. Jan Walter
Chief Architect

DEFINIENS AG
Trappentreustr. 1; D-80339 München
Phone: +49-(0)89-231180-18
Fax: +49-(0)89-231180-90 
jwalter@definiens.com
http://www.definiens.com
reply via email to
[Prev in Thread] Current Thread [Next in Thread]