Re: Linux security issues as they pertain to CVS

[Derek R. Price]

"Greg A. Woods" wrote:

> I think you're focusing on some (admittedly important) details without
> looking at the whole picture.  You cannot have security if you don't
> cover *all* of your bases equally!  You also must understand the
> inherent limitations and assumptions built into your client and server
> platforms so that you can establish a true trust path that'll make it
> possible for you to hold your users accountable for their actions.

I don't agree.  There are different levels of security, and I will grant that 
some
are simply deterrents, but costs are going to be weighed in any security
implementation decision.  My data is not all that valuable to a thief so any
security compromises on my system will likely amount to vandalism which can be
fixed with a small amount of downtime, CVS change backouts, and maybe access to
tape backups.  The analogy would be to putting locks on the door to my apartment
vs. barred windows.  There is a whole different class of people who might walk 
into
my place if they found the door unlocked vs. those who are actually willing to
break a window to get in.  Since I know I live in a fairly nice neighborhood, 
I'm
not going to bar the window since I prefer the unmarred view.  Besides, when I 
lock
myself out I can still break the window myself.  :)

Not barring the windows above the ground floor could extend this analogy - the
windows are still more secure for most purposes than unbarred windows on the 
first
floor, but the costs of using them are higher since I must ascend at least one
flight of steps to get there.  To go even further, I'm not so paranoid or 
important
enough to want to paint over the windows and lose the view to protect myself
against snipers...

Just an example, but I wanted to make the point that there are trade-offs in any
security decision (as with most other real-world decisions), which is why
flexibility is my priority here.

I'm not trying to fight any efforts to make CVS more secure, and far from it
I would accept or at least evaluate most patches in this direction, but I wish 
to
keep a range of security options from simple to use but insecure to tightly 
secure
and harder to use.  Until someone designs a perfectly secure but still usable
system, which I don't hesitate to say won't ever happen, the system 
administrator
should be allowed to configure the system to meet her needs.

I'm not attempting to force anybody to use pserver, just providing what I 
believe
are the facts involved in these particular trade-offs.

Derek

--
Derek Price                      CVS Solutions Architect ( http://CVSHome.org )
mailto:address@hidden         CollabNet ( http://collab.net )
--
155. I had a life once... now I have a computer and a modem.