info-cvs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New update to the CVS ACL patch to support user groups

From: minyard
Subject: Re: New update to the CVS ACL patch to support user groups
Date: 25 Jul 2001 09:10:40 -0500 
"Ellison, Martin [IT]" <address@hidden> writes:

> Corey: I have added the ability to have user groups....
> Noel: FYI, file system support for ACLs (man setfacl for info) would make
> your patch redundant....
> 
> As I understand it, to use Unix file permissions CVS has to run as root,
> which has security implications. If security is important, it is not a good
> idea to run CVS as root. Solaris has ACLs already but the security issue
> prevents using them with CVS. Corey's patch allows CVS to run as 'cvsuser'
> and still control access.

You are correct for stock pserver, if you use Unix file permissions,
CVS is capable of being rooted.  The CVS people have been doing a good
job removing array overrun capable stuff, but it's hard to get them
all.

If you are using rsh/ssh (":ext:"), that's not the case, since CVS runs as
the ssh user from the beginning.  That's certainly a more secure way
to do it, anyway.

If you use my patch, you should create a cvs userid and run CVS as
that id, so you can limit the scope of an attack.

> Or have I missed something?

I chatted with Noel a little bit about this.  In my opinion, you have
to evaluate the security and user implications.  If filesystem ACLs
meet your needs and you have them, you should use those, since they
don't involve patching CVS and are more flexible (per-file
permissions).  If they do not, you should look at my patch.

-Corey
reply via email to
[Prev in Thread] Current Thread [Next in Thread]