info-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVS access control


From: yap_noel
Subject: Re: CVS access control
Date: Wed, 26 Sep 2001 17:01:25 -0400

>On Wed, Sep 26, 2001 at 10:45:50AM -0400, address@hidden wrote:
>> >When you're at it, you should also allow for different ruling on
different
>> >branches, not only directories.
>>
>> I'm kind of against this, too, since branch-level permissions don't
afford
>> security at all since the archive file is still writable.  All these
ACLs
>> will afford is a false sense of security.
>
>"[no] security at all" is kind of an overstatement.  The security
>provided by a CVS-level permissions scheme would be weak, but not
>nonexistent.  It wouldn't prevent a malicious user from
>committing to the wrong branch, but it would prevent people from
>doing so by accident/carelessness.  This concurs perfectly with
>CVS's existing security model.  For example, the up-to-date check
>guards against my stomping your changes by accident, but doesn't
>prevent me from stomping them with a bit of work ("cvs up -f1.5
>-j1.4 foo.c" or "cvs up foo.c; mv foo.bak foo.c").

By definition, "security" is about preventing malicious "users" from doing
harm.  It's not about avoiding accidents by careless users.  For example,
would you consider a knotted rope tying my door shut to be any sort of
security since it avoids accidental openings?

>For many purposes, weak protection might be good enough to
>protect against unwanted actions by your authorized users, in
>conjunction with strong security to keep out unauthorized people.

Then this topic shouldn't be discussed within the frame of security.
Unfortunately, ACLs are very much a security issue.

Right now, I see two ways around this:

1.  Create a file system that supports versioning.  This file system would
treat branches as it would directories.

2.  Have commitinfo be able to process branch information and have the
commitinfo script check for proper "authorization".  Since the cvs admin is
the one implementing this, the cvs admin is very aware of how little
security is there.

Noel



This communication is for informational purposes only.  It is not intended as
an offer or solicitation for the purchase or sale of any financial instrument
or as an official confirmation of any transaction. All market prices, data
and other information are not warranted as to completeness or accuracy and
are subject to change without notice. Any comments or statements made herein
do not necessarily reflect those of J.P. Morgan Chase & Co., its
subsidiaries and affiliates.




reply via email to

[Prev in Thread] Current Thread [Next in Thread]