Re: CVS access control

[Eric Siegerman]

On Wed, Sep 26, 2001 at 10:45:50AM -0400, address@hidden wrote:
> >When you're at it, you should also allow for different ruling on different
> >branches, not only directories.
> 
> I'm kind of against this, too, since branch-level permissions don't afford
> security at all since the archive file is still writable.  All these ACLs
> will afford is a false sense of security.

"[no] security at all" is kind of an overstatement.  The security
provided by a CVS-level permissions scheme would be weak, but not
nonexistent.  It wouldn't prevent a malicious user from
committing to the wrong branch, but it would prevent people from
doing so by accident/carelessness.  This concurs perfectly with
CVS's existing security model.  For example, the up-to-date check
guards against my stomping your changes by accident, but doesn't
prevent me from stomping them with a bit of work ("cvs up -f1.5
-j1.4 foo.c" or "cvs up foo.c; mv foo.bak foo.c").

For many purposes, weak protection might be good enough to
protect against unwanted actions by your authorized users, in
conjunction with strong security to keep out unauthorized people.

--

|  | /\
|-_|/  >   Eric Siegerman, Toronto, Ont.        address@hidden
|  |  /
The world has been attacked.  The world must respond ... [but] we must
be guided by a commitment to do what works in the long run, not by what
makes us feel better in the short run.
        - Jean Chrétien, Prime Minister of Canada