info-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Linux security issues as they pertain to CVS


From: Greg A. Woods
Subject: Re: Linux security issues as they pertain to CVS
Date: Wed, 30 May 2001 00:38:01 -0400 (EDT)

[ On Tuesday, May 29, 2001 at 13:59:09 (-0400), Derek R. Price wrote: ]
> Subject: Re: Linux security issues as they pertain to CVS
>
> > Yeah, and there's "nc -l" too.  But is either going to work in a
> > production environment in a development shop?  I doubt it....
> 
> Why not?

One problem is that as a sysadmin if I saw "ined-derek" running on my
machine I'd kill it first and ask questions later....

> > I'll bet it'll bring any sane and knowledgeable security officer down so
> > hard on your head too that you won't even know what hit you.
> 
> Why?

First off you're offering a new network service, and even if it's only
on the internal network you'd better bet the security guys want to know
what it's all about.

Secondly once they find out what you're actually running they'll be all
over you to accept full responsibilty for everything in your repository
as if you wrote it yourself (since you have no proof that you didn't and
you don't even have any proof of who might have).

-- 
                                                        Greg A. Woods

+1 416 218-0098      VE3TCP      <address@hidden>     <address@hidden>
Planix, Inc. <address@hidden>;   Secrets of the Weird <address@hidden>



reply via email to

[Prev in Thread] Current Thread [Next in Thread]