info-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Linux security issues as they pertain to CVS


From: Greg A. Woods
Subject: Re: Linux security issues as they pertain to CVS
Date: Fri, 25 May 2001 20:40:13 -0400 (EDT)

[ On Friday, May 25, 2001 at 14:38:07 (-0700), Mike Castle wrote: ]
> Subject: Re: Linux security issues as they pertain to CVS
>
> On Fri, May 25, 2001 at 04:21:08PM -0400, Greg A. Woods wrote:
> > Worst of all of course is the fact that CVS does not need pserver junk.
> 
> What would you propose as a suitable tools for anonymous cvs access.

An anonymous SSH account, of course.  Pretty easy to set up, even.

However if you wanted something simpler (less heavy-weight), and you
don't care about the security and integrity of the client TCP
connection, then it's pretty easy to set up something like rsh, invoked
from inetd, that does no authentication at all (and which of course
you'd run as some unprivileged user, perhaps in a chroot area with a
statically linked CVS binary through the help of a very tiny and secure
chroot'ing wrapper).  The simplest implementation would be a little
shell script using "nc" (aka netcat) on the client, with inetd on the
server side.  I've not set this up for CVS, but I've done it time and
time again for other similar tools.  Works every time, though provides
litterally no security whatsoever (unless maybe you have TCP Wrappers
integrated into your inetd, as many do these days).

-- 
                                                        Greg A. Woods

+1 416 218-0098      VE3TCP      <address@hidden>     <address@hidden>
Planix, Inc. <address@hidden>;   Secrets of the Weird <address@hidden>



reply via email to

[Prev in Thread] Current Thread [Next in Thread]