info-cvs

RE: Security, audits and pserver


From: Walter, Jan
Subject: RE: Security, audits and pserver
Date: Mon, 16 Dec 2002 17:16:41 +0100

That's why you would tunnel it over ssh or something like that, with limited
key access. People you trust get the key, and their key gets kept on the
server. Definitely, a wide-open pserver connection is just an invitation to
get cracked.

Jan

> -----Original Message-----
> From: address@hidden [mailto:address@hidden]
> Sent: Monday, December 16, 2002 5:13 PM
> To: address@hidden
> Cc: address@hidden
> Subject: Re: Security, audits and pserver
> 
> 
> Walter, Jan writes:
> > 
> > Personally I tend to believe that giving people any sort of local 
> > access (even in a chrooted environment for the user for instance) is
> > more of a security risk than allowing pserver access over ssl/ssh,
> > with the limited number of users having the key needed to connect 
> > (i.e. Auto-key negotiation disabled and so on). This limits the 
> > exposure of pserver to people already having the public key of the 
> > server (and their public key registered there).
> 
> Note that giving anyone pserver access to a machine is 
> equivalent to giving them local shell access -- there are 
> fairly simple tricks that can be used to execute arbitrary 
> code on the server.  CVS was not designed as a security 
> application, it was designed as a collaboration application 
> for cooperative users.
> 
> -Larry Jones
> 
> Let's just sit here a moment... and savor the impending 
> terror. -- Calvin
> 


