Re: Security concern CVSROOT

info-cvs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security concern CVSROOT

From:	Dale Miller
Subject:	Re: Security concern CVSROOT
Date:	Wed, 25 Oct 2000 14:27:12 -0500

Noel,

I restrict people from being able to commit to CVSROOT by using commitinfo.

I added the following line to commitinfo:
CVSROOT $CVSROOT/CVSROOT/commitinfo_ckuser -user=$USER

I added commitinfo_ckuser in checkoutlist so that it is available with the
other administrative files.

And my commitinfo_ckuser program looks like the following:
----------------------  < cut here > ----------------------------------
#!/usr/local/bin/perl -ws
# commitinfo_ckuser    D.Miller
#   called by commitinfo
#
#  $Id: commitinfo_ckuser,v 1.6 2000/09/20 16:06:46 miller Exp $
#
#  This program is called by $CVSROOT/CVSROOT/commitinfo
#  and is used to verify if user is authorized for changing CVSROOT
#  so that commit to CVSROOT files can be restricted
#
#  The logfile is not used at this time.
#

$user    = $ENV{"USER"} unless defined $user;
$CVSROOT = $ENV{"CVSROOT"} unless defined $CVSROOT;
$logfile = "$CVSROOT/CVSROOT/commitinfo_ckuser.log" unless defined $logfile;

print "\$CVSROOT=$CVSROOT\n";

%authorized = ($user =>0,        #prevent uninitialized variable
               'miller' =>1,     #authorized users for CVSROOT checkin
               'heuston' =>1,
               'cmbuild' =>1,
               'cmvmgr' =>1,
               'brodzell' =>1
              );


($repository, @files) = @ARGV;

$ck_user = @ck_user = getpwnam $user;  # checking if user exists locally

if ($repository =~ /$CVSROOT\/CVSROOT/) {
    if (($authorized{$user} == 0) || ($ck_user == 0)) {
        print "You are not authorized to commit CVSROOT files.\n";
        exit 1;    # <<<<----------------------<<<<<<<<<<<
    }
}

exit 0;            # <<<<----------------------<<<<<<<<<<<

# current date and time
$sec = $mday = $mday = $wday = $wday = $yday = $isdst = 0;  #not used
($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst) = gmtime(time);
$date = sprintf("%4d%02d%02s-%02d:%02d", ($year + 1900), ($mon + 1), $mday, 
$hour,
$min);

open(LOGFILE, ">>$logfile") or die "Cannot append to $logfile: $!\n";

print LOGFILE "$date $user $repository @files\n";

close(LOGFILE);
----------------------  < cut here > ----------------------------------
I currently have the log file code turned off.
This version has a hard coded list of authorized users, however, I have also 
done
it by checking the users group.  This version also checks if a person has a 
local
account
using:   $ck_user = @ck_user = getpwnam $user;  # checking if user exists 
locally

If none of your users have local accounts you could use that method and have no
hard coded authorized list.

I find it simple and it works.
Dale Miller


Noel L Yap wrote:

> You can even set permissions (both traditional permissions and file system 
> ACLs)
> on the CVSROOT directory itself to allow/disallow checkouts/checkins of the
> stuff within CVSROOT.  There are, however, a couple of files within CVSROOT 
> that
> you'll have to be careful of (IIRC, history and valtags).
>
> Noel
>
> address@hidden on 2000.10.25 11:45:14
>
> To:   address@hidden
> cc:   address@hidden (bcc: Noel L Yap)
> Subject:  Re: Security concern CVSROOT
>
> Martin Vogt writes:
> >
> > I dont like it that every user can remotely execute commands.
> > I like to have the ability that the mkmodules call is protected.
> > I like to have a config obtion in CVSROOT which do something like
> > this:
> >
> > MkModules=/usr/sbin/alertsysadmin_by_mail
> >
> > Or as default: leave it blank, then it rebuilds mkmodules.
> >
> > CVSROOT is not changed very much, so it is acceptable that
> > it is done by some "admin"
>
> The whole point of CVSROOT being part of the repository is that you can
> use normal CVS methods to do all of these things.  For example, you can
> use system file permissions and/or commitinfo to limit commits (which is
> what triggers mkmodules) and you can use loginfo to do notifications.
>
> -Larry Jones
>
> The real fun of living wisely is that you get to be smug about it. -- Hobbes
>
> _______________________________________________
> Info-cvs mailing list
> address@hidden
> http://mail.gnu.org/mailman/listinfo/info-cvs
>
> This communication is for informational purposes only.  It is not intended as
> an offer or solicitation for the purchase or sale of any financial instrument
> or as an official confirmation of any transaction. All market prices, data
> and other information are not warranted as to completeness or accuracy and
> are subject to change without notice. Any comments or statements made herein
> do not necessarily reflect those of J.P. Morgan & Co. Incorporated, its
> subsidiaries and affiliates.
>
> _______________________________________________
> Info-cvs mailing list
> address@hidden
> http://mail.gnu.org/mailman/listinfo/info-cvs

[Prev in Thread]

Current Thread

[Next in Thread]

Security concern CVSROOT, Martin Vogt, 2000/10/25
- Re: Security concern CVSROOT, Larry Jones, 2000/10/25
- Re: Security concern CVSROOT, Derek R. Price, 2000/10/28
- Re: Security concern CVSROOT, Noel L Yap, 2000/10/25
  - Re: Security concern CVSROOT, Dale Miller <=

Prev by Date: CVS 1.11 sanity.sh fails at multiroot-log-1 under HPUX 10.20
Next by Date: Re: CVS 1.11 sanity.sh fails at multiroot-log-1 under HPUX 10.20
Previous by thread: Re: Security concern CVSROOT
Next by thread: checkout vs. update
Index(es):
- Date
- Thread