info-cvs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Any plan to merge cvspwd into cvs?

From: Ben Kial
Subject: Re: Any plan to merge cvspwd into cvs?
Date: Mon, 06 May 2002 07:26:16 GMT 
Correct me if I am wrong, but I don't think any disgruntled employee
can check in any change without a trace, even if the CVS server is
using :pserver and "cvspwd" to manage user accounts.

Here is what I setup for the CVS server. Please advise any weakness...

   - In my Unix server, a "cvsuser" group is created with two users
     "cvsadmin" and "cvsguest".  They (and "root", of course :-) are
     the only users in the entire Unix server.

   - The "cvspwd" has the following permission settings

         -rwsr-sr-x   1 root     cvsuser   26196 Apr  1 11:04
/usr/local/bin/cvspdw

   - The repository is created and owned by user "cvsadmin"

   - A CVSROOT/passwd file is added with all the CVS users.

With the above settings, "cvsguest" is the Unix account shared by all
CVS users (i.e. its password is known to all CVS users). The security
of the system is based on the following assumptions (criticize if you
see any problem...)

   - "cvspwd" makes sure that only "cvsadmin" can create/delete CVS
     users (I know this because I tried to login into Unix as
     "cvsguest" and cannot create CVS user using "cvspwd")

   - A CVS user can only change his CVS :pserver password by login in
     to the Unix server as "cvsguest" and type "cvspwd <CVS User
     Name>". "cvspwd" will first ask you to type in the correct
     password of the CVS user.

Unless the hacker can reverse engineering the CVS user's password from
the CVSROOT/passwd file, I cannot see how he can cause any damage?

Thanks,


Ben

"Mark A. Flacy" <address@hidden> wrote in message
news:address@hidden
> >>>>> "Ben" == Ben Kial <address@hidden> writes:
> Ben>
> Ben> I am new to CVS administration and I could some education here...
The
> Ben> "cvspwd" only changes the password file under CVSROOT/password.  This
> Ben> has nothing to do with any Unix user account. I don't understand how
> Ben> can this cause any security problem? Worst comes to worst, a hacker
> Ben> can only add/modify/delete CVS users (which in my setting I map them
> Ben> all to a Unix "cvsguest" user account). The best (or worst) he can do
> Ben> is to mess up the CVS repository, right?
>
> Heh.  You might really want to be sure *who* is performing changes to your
> repository.
>
> How about the disgruntled employee that codes in a back door or a worm
into
> your product?  Not only would you want to know who did it but you'd like
to
> be able to check the *other* changes that they had made to the code base.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]