Re: to stop commit

info-cvs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: to stop commit

From:	Mark D. Baushke
Subject:	Re: to stop commit
Date:	Thu, 18 Aug 2005 12:42:30 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

S I <address@hidden> writes:

> Mark, my hat's off to you.  I'm always thankful for your feedback &
> expertise.
> 
> Unfortunately, I inherited my box with :pserver method already running
> & installed by the previous admin.  However, my CVS server grants NO
> shell access but only allowing users to use CVS DOS Client or Tortoise
> to login.  My question is, do you still think :pserver is unsecure
> with no shell access?

Yes, I do.

The lack of shell access does not imply that it may not be used as an
attack vector for the host operating system. In fact, CVS has had
security problems in the past that have done very bad things to the host
machines.

CVS was designed at time when security was not a primary design
criteria. The :pserver: protocol is much to trusting and the CVS
implementation could still contain many holes.

CVS has never really had the kind of security audit it would need to be
a viable secure portal to the host machine and could have many places
left which do not properly examine all of the inputs being used. As
such, it is ripe for being owned by an as yet undiscovered security
hole.

The info-cvs archives are full of many places that discuss the security
implications and problems with :pserver: in the past and possible
problems that still lurk.

If you are running inside of a secure network and do not allow outside
users access, you might be okay for now, but I would not bet money on
it.

That said, there are pragmatic reasons why the CVS team has not tried to
remove the :pserver: support from CVS. Many folks would not be able to
get other enhancements and updates if we stopped supporting their
current setup. I do wish we could remove support and strongly urge you
to move away from :pserver: use if at all possible.

        Good luck,
        -- Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)

iD8DBQFDBOSlCg7APGsDnFERAl8FAKClpNqyGu9LDhWhncNv6W6E2V0fuACfX0xD
8F64gMB8ERVd50THlGWWpls=
=q9T0
-----END PGP SIGNATURE-----

[Prev in Thread]

Current Thread

[Next in Thread]

to stop commit, Parvinder Singh Arora, 2005/08/18
- Re: to stop commit, Mark D. Baushke, 2005/08/18
  - Re: to stop commit, S I, 2005/08/18
    - Re: to stop commit, Mark D. Baushke, 2005/08/18
    - Re: to stop commit, S I, 2005/08/18
    - Re: to stop commit, Mark D. Baushke <=
    - Re: to stop commit, Julian Opificius, 2005/08/18
    - Re: to stop commit, Mark O'Brien, 2005/08/19
    - Message not available
    - Re: to stop commit, Pierre Asselin, 2005/08/18
    - Re: to stop commit, Mark D. Baushke, 2005/08/18
    - Message not available
    - Re: to stop commit, Pierre Asselin, 2005/08/19
    - Re: to stop commit, Mark D. Baushke, 2005/08/19
- RE: to stop commit, Schrum, Allan (Allan), 2005/08/19
  - Re: to stop commit, Mark O'Brien, 2005/08/19
    - Re: to stop commit, Jim Hyslop, 2005/08/21
    - Re: to stop commit, Mark O'Brien, 2005/08/22

Prev by Date: Re: to stop commit
Next by Date: Trouble to use cvs via pserver-mode
Previous by thread: Re: to stop commit
Next by thread: Re: to stop commit
Index(es):
- Date
- Thread